null
US
Iniciar Sesión
Regístrate Gratis
Registro
Hemos detectado que no tienes habilitado Javascript en tu navegador. La naturaleza dinámica de nuestro sitio requiere que Javascript esté habilitado para un funcionamiento adecuado. Por favor lee nuestros
términos y condiciones
para más información.
Siguiente
Copiar y Editar
¡Debes iniciar sesión para completar esta acción!
Regístrate gratis
36152
Security Mgt U2, summary
Descripción
IYM001 Mapa Mental sobre Security Mgt U2, summary, creado por jjanesko el 01/04/2013.
Sin etiquetas
iym001
iym001
Mapa Mental por
jjanesko
, actualizado hace más de 1 año
Más
Menos
Creado por
jjanesko
hace más de 11 años
105
19
0
Resumen del Recurso
Security Mgt U2, summary
information security
business issue
has own budget
has own personnel
management must drive decisions
business dependent on IT systems
modern boundaries blurred
gone from IT issue to consumer issue
due to ecommerce
confidentiality, integrity, availabiltiy
integrity & availability most important
resource decentralization
protect information NOT hardware
protect the business
sensible controls
usable controls
information theft
you may not notice it
not audit trail
lucky if there are logs
information risk mgt
identify threats
identifiy likelihood
identify impacts
what is data loss worth?
company reputation
leaked business info, competitive edge
identify vulnerabilities
governance
policy
procedure
adequate (not perfect) protection
people
financial
information
infrastructure
risk assessment
3 components
threats
unwanted event that may result in harm to an asset
vulnerability
susceptability of asset to attack
impact
magnitude of potential loss
CRAM
tool / software / methodology
prompts with threats
facilitates documentation
anecdotal examples/ comments
attack sophistication has increased
even though attackers have little technical knowledge
security costs money
identity theft
phishing / pharming
spoof websites
social engineering
DDOS
more effective against small companies
attacks getting bigger
use rapid filtering to manage
usually attacks at IP level
point DNS to new IP
expensive
business is reliant on open network
governance
means by which companies are directed and controlled
accountability of board
ethical
legal
performance
needs to demonstrate compliance with rules, regulations and law
FSA
FED
SOX
BASLE II
ISO 17799
COBIT
ITIL
of info sec
means by which infosec is controlled and directed in company
administered by top level steering committee
CISO provides assurance to board and regulators
compliance (checking)
audit testing
board level issue
specifyimg mode of operaion
policy
what you want to do (but not how you do it)
outlines responsibilities
outliens partner and supplier responsibilities
should be endorsed at all management levels
identify owners of systems
infrastructure (generally IT)
applictaions
processes (end-to-end
standards
specification of how we do it
guidelines
good practice but not required
procedures
specify behavior for end-to-end processes
instalation
operation
initialisation
support
Mostrar resumen completo
Ocultar resumen completo
¿Quieres crear tus propios
Mapas Mentales
gratis
con GoConqr?
Más información
.
Similar
Security Mgt, ISO 27001, PDCA
jjanesko
Exemplary Assignment Answers
jjanesko
Security Mgt, Flashcards for ISO 27000 series
jjanesko
Security Mgt U3, BS7799 (Part 1)
jjanesko
Security Mgt U3, BS7799 (Part 2)
jjanesko
Security Mgt U5, risk analysis and mgt (part 1)
jjanesko
Security Mgt U5, Risk Analysis Methods and Tools (image)
jjanesko
Security Mgt U5, quantitative risk assessment forumula (image)
jjanesko
Security Mgt U5, risk analysis & mgt (part 2)
jjanesko
Security Mgt U8, Information Assurance
jjanesko
Security Mgt U8, Incident Recovery Image
jjanesko
Explorar la Librería