Security Mgt U3, BS7799 (Part 1)
Description
IYM001 Mind Map on Security Mgt U3, BS7799 (Part 1), created by jjanesko on 06/04/2013.
Resource summary
Security Mgt U3, BS7799 (Part 1)
BS7799 (ISO 17799)
originally published as a code of practice
standards for information security management
outlines risk analysis and management
don't have to certify whole business
foundations of BS7799 (image)
Annotations:
[Image: https://lh6.googleusercontent.com/-f6Kk9fXgL-s/UV_a5iweR8I/AAAAAAAAAck/g0rFxMeOSJo/s600/triangle+of+bs7799.png]
why?
develop best practice
helps realize security policy
value proposition
promise of value to be delivered and belief of customer in that value
introduce benchmark standards
builds business confidence
international standard
easy and flexible architecture
provide security
# of apps and complexity growing
information theft
motivations: COMIC
Commercial
someone gets commercial advantage by using or blocking our information
Opportunist
people happen upon bad security controls and suddenly have opportunity
Monetary
someone is paid to steal or attack
Idealist
hacktivist
Can-do
they do it just because they can
CIA
confidentiality
integrity
availability
legislation
human rights act
computer misuse act
covers unauthorized
viewing
copying
modification
computer design and patent act
regulation of investigatory powers act
FAST: federation against software theft
Annotations:
http://www.fastiis.org/
Protect your IP (intellectual property)
If you do not demonstrate that you had the appropriate controls in place, you will lose a case in court.
critical success factors
KPIs (key performance indicators)
policies, objectives, activities that reflect business objectives
appropriate resources
consistency with business culture
visible commitment from management
effective awareness, education and training
distribution to all employees, partners and suppliers
controls
key controls
info sec policy
info sec education and training
security incident reporting
virus controls
business continuity planning (BCP)
software copying control
company record safeguarding
data protection compliance
compliance with security policy
selection
identify business objectives
identify business strategy
identify controls relative to risk
with risk, don't forget areas of impact such as reputation and customer confidence