1604597
Description
Mind Map by virusqin2357, updated more than 1 year ago
|
Created by virusqin2357
about 10 years ago
|
|
information security
- information security maturity
- the impact of this is the more
organisations are in low-end
information security model means
taht more vulnerabilities that have
in terms of business population
- the impact of this is the more
organisations are in low-end
information security model means
taht more vulnerabilities that have
in terms of business population
- core principles
- confidentiality
- integriy
- accountability
- assurance&privacy&availability
- authenticity &non-repudiation
- what can the organisation do
by those principles
- highlights aspects of IS comes into AnO is not only about
infrastructure ,it is something that is virtual,not easily seen.the
principles are provisional good quality information for rights
users in right time to make decisions and operate within the
context of BE
- highlights aspects of IS comes into AnO is not only about
infrastructure ,it is something that is virtual,not easily seen.the
principles are provisional good quality information for rights
users in right time to make decisions and operate within the
context of BE
- confidentiality
- quality , accessibility
and usability are main
concerns
- wrong perception of IS within the organisation will
be the weakest point of the chain at the beginning
- why it is important ? why
does it need to be secured
in context of business
- IS is not meant to slow don a
company but rather to enhance and
facilitate safer growth.
- it can improve organisational performance that reduce the cost,lower overhead only if
organisations make the right. reduce the risk requires clear and demonstrated governance,
achievable IS strategy, dedicated budget,planning and projects that deliver.it can help
organisation project images that have impacts on both customers and business
- IS is not meant to slow don a
company but rather to enhance and
facilitate safer growth.
- it is used in at least two
sense: condition &
safeguards
- condition in which harm does not
arise despite the occurrence of
threat
- safeguards whose
purpose is to achieve
that condition
- condition in which harm does not
arise despite the occurrence of
threat
- Divers
- internal drives : increase needs to provide services
regardless of location and type of end-user and increase
consumer complaints about misuse of personal and
confidential information.
- external drivers: increase legal liability for lack of due care in
the protection of personal information and legislative and
regulatory compliance requirements
- internal drives : increase needs to provide services
regardless of location and type of end-user and increase
consumer complaints about misuse of personal and
confidential information.
- benefits it enables confidence and assurance and the
protection of business assets and the fulfillment of the
organisation's mission and vision
- the things or aspects that
business manager will care
- Vicarious liability
- senior officers can be held criminally
liable for the lack of due care and due
diligence
- senior officers can be held criminally
liable for the lack of due care and due
diligence
- Vicarious liability
- Control
- control types
- Detrrent
- preventive
- detective
- corrective
- recovery
- compensating
- Detrrent
- Due care(establishment of control)
- Control categories
- physical
- Technical
- operational
- administrative
- physical
- Due diligence(maintenance of control)
- differences between those two and those implications
- due care shows that organisation has taken
responsibilities for activities that take place and
protect the organisation and its resources and
employees from the potential threats.
- due diligence is implementing the
control and ensuring the controls
are monitored and updated all the
time
- implications: if the company does not practice those two pertaining to
the security of its assets and can be legally charged with negligence and
held accountable for any ramifications of that negligence
- due care shows that organisation has taken
responsibilities for activities that take place and
protect the organisation and its resources and
employees from the potential threats.
- differences between those two and those implications
- control types
- a shift in security perspecitves
- information security is more than just technology; poor
information security are usually the result of poor management
rather than poor technical controls
- information security is more than just technology; poor
information security are usually the result of poor management
rather than poor technical controls
Media attachments
Want to create your own Mind Maps for free with GoConqr? Learn more.