Security Mgt U2, summary

Description

IYM001 Mind Map on Security Mgt U2, summary, created by jjanesko on 01/04/2013.
jjanesko
Mind Map by jjanesko, updated more than 1 year ago
jjanesko
Created by jjanesko over 11 years ago
104
19

Resource summary

Security Mgt U2, summary
  1. information security
    1. business issue
      1. has own budget
        1. has own personnel
          1. management must drive decisions
            1. business dependent on IT systems
            2. modern boundaries blurred
              1. gone from IT issue to consumer issue
                1. due to ecommerce
                2. confidentiality, integrity, availabiltiy
                  1. integrity & availability most important
                  2. resource decentralization
                    1. protect information NOT hardware
                      1. protect the business
                        1. sensible controls
                          1. usable controls
                          2. information theft
                            1. you may not notice it
                              1. not audit trail
                                1. lucky if there are logs
                                2. information risk mgt
                                  1. identify threats
                                    1. identifiy likelihood
                                      1. identify impacts
                                        1. what is data loss worth?
                                          1. company reputation
                                            1. leaked business info, competitive edge
                                          2. identify vulnerabilities
                                            1. governance
                                              1. policy
                                                1. procedure
                                              2. adequate (not perfect) protection
                                                1. people
                                                  1. financial
                                                    1. information
                                                      1. infrastructure
                                                    2. risk assessment
                                                      1. 3 components
                                                        1. threats
                                                          1. unwanted event that may result in harm to an asset
                                                          2. vulnerability
                                                            1. susceptability of asset to attack
                                                            2. impact
                                                              1. magnitude of potential loss
                                                            3. CRAM
                                                              1. tool / software / methodology
                                                                1. prompts with threats
                                                                  1. facilitates documentation
                                                                2. anecdotal examples/ comments
                                                                  1. attack sophistication has increased
                                                                    1. even though attackers have little technical knowledge
                                                                    2. security costs money
                                                                      1. identity theft
                                                                        1. phishing / pharming
                                                                          1. spoof websites
                                                                            1. social engineering
                                                                              1. DDOS
                                                                                1. more effective against small companies
                                                                                  1. attacks getting bigger
                                                                                    1. use rapid filtering to manage
                                                                                      1. usually attacks at IP level
                                                                                        1. point DNS to new IP
                                                                                          1. expensive
                                                                                        2. business is reliant on open network
                                                                                    2. governance
                                                                                      1. means by which companies are directed and controlled
                                                                                        1. accountability of board
                                                                                          1. ethical
                                                                                            1. legal
                                                                                              1. performance
                                                                                              2. needs to demonstrate compliance with rules, regulations and law
                                                                                                1. FSA
                                                                                                  1. FED
                                                                                                    1. SOX
                                                                                                      1. BASLE II
                                                                                                        1. ISO 17799
                                                                                                          1. COBIT
                                                                                                            1. ITIL
                                                                                                            2. of info sec
                                                                                                              1. means by which infosec is controlled and directed in company
                                                                                                                1. administered by top level steering committee
                                                                                                                  1. CISO provides assurance to board and regulators
                                                                                                                    1. compliance (checking)
                                                                                                                      1. audit testing
                                                                                                                        1. board level issue
                                                                                                                      2. specifyimg mode of operaion
                                                                                                                        1. policy
                                                                                                                          1. what you want to do (but not how you do it)
                                                                                                                            1. outlines responsibilities
                                                                                                                              1. outliens partner and supplier responsibilities
                                                                                                                                1. should be endorsed at all management levels
                                                                                                                                  1. identify owners of systems
                                                                                                                                    1. infrastructure (generally IT)
                                                                                                                                      1. applictaions
                                                                                                                                        1. processes (end-to-end
                                                                                                                                      2. standards
                                                                                                                                        1. specification of how we do it
                                                                                                                                        2. guidelines
                                                                                                                                          1. good practice but not required
                                                                                                                                          2. procedures
                                                                                                                                            1. specify behavior for end-to-end processes
                                                                                                                                              1. instalation
                                                                                                                                                1. operation
                                                                                                                                                  1. initialisation
                                                                                                                                                    1. support
                                                                                                                                              Show full summary Hide full summary

                                                                                                                                              Similar

                                                                                                                                              Security Mgt, ISO 27001, PDCA
                                                                                                                                              jjanesko
                                                                                                                                              Exemplary Assignment Answers
                                                                                                                                              jjanesko
                                                                                                                                              Security Mgt, Flashcards for ISO 27000 series
                                                                                                                                              jjanesko
                                                                                                                                              Security Mgt U5, risk analysis and mgt (part 1)
                                                                                                                                              jjanesko
                                                                                                                                              Security Mgt U8, Information Assurance
                                                                                                                                              jjanesko
                                                                                                                                              Security Mgt U5, quantitative risk assessment forumula (image)
                                                                                                                                              jjanesko
                                                                                                                                              Security Mgt U5, risk analysis & mgt (part 2)
                                                                                                                                              jjanesko
                                                                                                                                              Security Mgt U8, Incident Recovery Image
                                                                                                                                              jjanesko
                                                                                                                                              Security Mgt U3, BS7799 (Part 2)
                                                                                                                                              jjanesko
                                                                                                                                              Security Mgt U3, BS7799 (Part 1)
                                                                                                                                              jjanesko
                                                                                                                                              Security Mgt U5, Risk Analysis Methods and Tools (image)
                                                                                                                                              jjanesko