Security Mgt U8, Information Assurance

Beschreibung

IYM001 Mindmap am Security Mgt U8, Information Assurance, erstellt von jjanesko am 14/04/2013.
jjanesko
Mindmap von jjanesko, aktualisiert more than 1 year ago
jjanesko
Erstellt von jjanesko vor mehr als 11 Jahre
127
20

Zusammenfassung der Ressource

Security Mgt U8, Information Assurance
  1. information assurance concerned with
    1. confidentiality
      1. integrity
        1. availability
          1. legality
          2. business continuity planning (BCP)
            1. Tested plans and procedures built into the normal operations processes which allow a business to protect itself against threats
              1. includes
                1. damage limitation
                  1. recovery
                    1. emergency response
                      1. crisis management
                        1. monitoring
                          1. mitigation
                            1. acceptance of residual risk
                            2. stakeholders
                              1. employees
                                1. bankers
                                  1. suppliers
                                    1. regulators
                                      1. finance
                                        1. competitors
                                          1. shareholders
                                          2. goal
                                            1. recovery reducing the impact from untoward events
                                            2. things to identify during planning (see attached chart)

                                              Anlagen:

                                              1. what is "normal" output
                                                1. minimum acceptable output level for business
                                                  1. how long it will take to get back to full production
                                                    1. steps for replacement and repair
                                                      1. resumption time
                                                        1. this is the time from the incident to the achieving minimal acceptable output level
                                                    2. NOT a technical issue
                                                      1. board level accountability
                                                        1. ownership by business and operations
                                                          1. stress test based
                                                          2. NOT disaster recovery planning
                                                            1. DRP focuses on technology (limited scope) whereas BCP focuses on business processes
                                                          3. legislation, standards and organizations that provide guidance
                                                            1. Nimda
                                                              1. Code Red
                                                                1. SANS
                                                                  1. Turnbull compliance
                                                                    1. Basel 2
                                                                      1. ISO 17799
                                                                      2. why?
                                                                        1. minimize incident impact on org & recover from loss of information assets to an acceptable level through a combo of preventative and recovery controls
                                                                        Zusammenfassung anzeigen Zusammenfassung ausblenden

                                                                        ähnlicher Inhalt

                                                                        Security Mgt, ISO 27001, PDCA
                                                                        jjanesko
                                                                        Exemplary Assignment Answers
                                                                        jjanesko
                                                                        Security Mgt, Flashcards for ISO 27000 series
                                                                        jjanesko
                                                                        Security Mgt U5, risk analysis and mgt (part 1)
                                                                        jjanesko
                                                                        Security Mgt U3, BS7799 (Part 2)
                                                                        jjanesko
                                                                        Security Mgt U5, quantitative risk assessment forumula (image)
                                                                        jjanesko
                                                                        Security Mgt U5, risk analysis & mgt (part 2)
                                                                        jjanesko
                                                                        Security Mgt U8, Incident Recovery Image
                                                                        jjanesko
                                                                        Security Mgt U3, BS7799 (Part 1)
                                                                        jjanesko
                                                                        Security Mgt U5, Risk Analysis Methods and Tools (image)
                                                                        jjanesko
                                                                        Security Mgt U10, Scope of Incident Response (chart)
                                                                        jjanesko