Security Mgt U3, BS7799 (Part 2)

Description

IYM001 Mind Map on Security Mgt U3, BS7799 (Part 2), created by jjanesko on 07/04/2013.
jjanesko
Mind Map by jjanesko, updated more than 1 year ago
jjanesko
Created by jjanesko over 11 years ago
140
20

Resource summary

Security Mgt U3, BS7799 (Part 2)
  1. information security infrastrcture
    1. info sec forum
      1. allocation of responsibilities
        1. information classification
          1. guidelines
            1. ownershipt
              1. labelling
                1. management process
                2. HR and legal
                  1. security in job descriptions
                    1. recruitment screening
                      1. confidentiality and nondisclosure agreements
                    2. info sec coordination
                      1. user training and awareness
                        1. secure areas
                          1. clear desk policy
                            1. guidelines and security for removal of property
                              1. security of data centers and computer rooms
                                1. physical entry controls
                                  1. physical security perimeter
                                  2. secure equipment
                                    1. equipment disposal
                                      1. security of premise equipment
                                        1. equipment maintenance
                                          1. cabling security
                                            1. power supplies
                                              1. asset inventory
                                            2. independent review
                                              1. cooperation between orgs
                                                1. respond to incidents
                                                  1. reporting of security weaknesses
                                                    1. reporting software malfunctions
                                                      1. disciplinary process
                                                      2. specialist advice
                                                        1. authorization process for IT facilities
                                                          1. security of 3rd part access
                                                            1. identify risks
                                                              1. security conditions in contracts
                                                          2. information security management system
                                                            1. ISMS
                                                              1. should reduce likelihood of information security incident from occurring
                                                                1. unwanted disclosure of info
                                                                  1. confidentiality
                                                                  2. unauthorizd changes to content
                                                                    1. integrity
                                                                    2. info not available when needed
                                                                      1. availabiility
                                                                    3. 2 models
                                                                      1. ISO 27001 plan,act,do,check (diagram)

                                                                        Annotations:

                                                                        • [Image: https://lh3.googleusercontent.com/-s39uB51Echw/UWFvWRPIe2I/AAAAAAAAAd8/zdNqs8Vh65g/w490-h428-p-o/plan%252Cact%252Ccheck%252Cdo.png]
                                                                        1. implementation notes from SANS Institute

                                                                          Annotations:

                                                                          • http://www.giac.org/paper/gsec/2693/implementation-methodology-information-security-management-system-to-comply-bs-7799-requi/104600
                                                                          • Plan (establish the ISMS)Step 1: Establish the importance of Information Security in Business Step 2: Define the Scope for ISMSStep 3: Define the Security Policy Step 4: Establish the Security Organization StructureStep 5: Identify and Classify the AssetsStep 6: Identify and Assess the Risks Step 7: Plan for Risk Management Do (Implement and operate the ISMS)Step 8: Implement Risk Mitigation strategyStep 9: Write the Statement of ApplicabilityStep 10. Train the staff and create Security Awareness Check (monitor and review ISMS)Step 11. Monitor and Review the ISMS performance Act (Maintain and improve the ISMS)Step 12. Maintain the ISMS and ensure continual Improvement (4)
                                                                        2. STREAM assurance model

                                                                          Annotations:

                                                                          • [Image: https://lh6.googleusercontent.com/-nJbCRVJ3yvk/UWFxe30hU8I/AAAAAAAAAeM/kJlvfXO0HU4/w529-h375-p-o/streamassurancemodel.png]
                                                                          1. Link to STREAM information

                                                                            Annotations:

                                                                            • http://az290931.vo.msecnd.net/www.infosec.co.uk/__novadocuments/22363x$query$xvx$eq$x634965468272370000
                                                                        3. definition of ISMS (link from Martin Warren)

                                                                          Annotations:

                                                                          • http://securityaa.com/About%20ISMS.html
                                                                        4. information security disciplines
                                                                          1. compliance
                                                                            1. business continuity management
                                                                              1. infosec incident management
                                                                                1. system acquisition
                                                                                  1. access control
                                                                                    1. communication and operations management
                                                                                      1. physical and environmental security
                                                                                        1. human resource security
                                                                                          1. asset management
                                                                                            1. organizational security
                                                                                              1. security policy
                                                                                            2. management framework certification requirements
                                                                                              1. 1. define policy
                                                                                                1. 2. define scope
                                                                                                  1. characteristics of org
                                                                                                    1. location
                                                                                                      1. assets
                                                                                                        1. technology
                                                                                                        2. 3. undertake risk assessment
                                                                                                          1. threats
                                                                                                            1. vulnerabilities
                                                                                                              1. impacts
                                                                                                                1. degree of risks
                                                                                                                2. 4. manage risks
                                                                                                                  1. 5. select control objectives
                                                                                                                    1. identify controls and rationale
                                                                                                                      1. identify excluded controls and rationale
                                                                                                                      2. 6. prepare statement of applicability
                                                                                                                      Show full summary Hide full summary

                                                                                                                      Similar

                                                                                                                      Security Mgt, ISO 27001, PDCA
                                                                                                                      jjanesko
                                                                                                                      Exemplary Assignment Answers
                                                                                                                      jjanesko
                                                                                                                      Security Mgt, Flashcards for ISO 27000 series
                                                                                                                      jjanesko
                                                                                                                      Security Mgt U5, risk analysis and mgt (part 1)
                                                                                                                      jjanesko
                                                                                                                      Security Mgt U8, Information Assurance
                                                                                                                      jjanesko
                                                                                                                      Security Mgt U5, quantitative risk assessment forumula (image)
                                                                                                                      jjanesko
                                                                                                                      Security Mgt U5, risk analysis & mgt (part 2)
                                                                                                                      jjanesko
                                                                                                                      Security Mgt U8, Incident Recovery Image
                                                                                                                      jjanesko
                                                                                                                      Security Mgt U3, BS7799 (Part 1)
                                                                                                                      jjanesko
                                                                                                                      Security Mgt U5, Risk Analysis Methods and Tools (image)
                                                                                                                      jjanesko
                                                                                                                      Security Mgt U10, Scope of Incident Response (chart)
                                                                                                                      jjanesko