null
US
Entrar
Registre-se gratuitamente
Registre-se
Detectamos que o JavaScript não está habilitado no teu navegador. Habilite o Javascript para o funcionamento correto do nosso site. Por favor, leia os
Termos e Condições
para mais informações.
Próximo
Copiar e Editar
Você deve estar logado para concluir esta ação!
Inscreva-se gratuitamente
36152
Security Mgt U2, summary
Descrição
IYM001 Mapa Mental sobre Security Mgt U2, summary, criado por jjanesko em 01-04-2013.
Sem etiquetas
iym001
iym001
Mapa Mental por
jjanesko
, atualizado more than 1 year ago
Mais
Menos
Criado por
jjanesko
mais de 11 anos atrás
105
19
0
Resumo de Recurso
Security Mgt U2, summary
information security
business issue
has own budget
has own personnel
management must drive decisions
business dependent on IT systems
modern boundaries blurred
gone from IT issue to consumer issue
due to ecommerce
confidentiality, integrity, availabiltiy
integrity & availability most important
resource decentralization
protect information NOT hardware
protect the business
sensible controls
usable controls
information theft
you may not notice it
not audit trail
lucky if there are logs
information risk mgt
identify threats
identifiy likelihood
identify impacts
what is data loss worth?
company reputation
leaked business info, competitive edge
identify vulnerabilities
governance
policy
procedure
adequate (not perfect) protection
people
financial
information
infrastructure
risk assessment
3 components
threats
unwanted event that may result in harm to an asset
vulnerability
susceptability of asset to attack
impact
magnitude of potential loss
CRAM
tool / software / methodology
prompts with threats
facilitates documentation
anecdotal examples/ comments
attack sophistication has increased
even though attackers have little technical knowledge
security costs money
identity theft
phishing / pharming
spoof websites
social engineering
DDOS
more effective against small companies
attacks getting bigger
use rapid filtering to manage
usually attacks at IP level
point DNS to new IP
expensive
business is reliant on open network
governance
means by which companies are directed and controlled
accountability of board
ethical
legal
performance
needs to demonstrate compliance with rules, regulations and law
FSA
FED
SOX
BASLE II
ISO 17799
COBIT
ITIL
of info sec
means by which infosec is controlled and directed in company
administered by top level steering committee
CISO provides assurance to board and regulators
compliance (checking)
audit testing
board level issue
specifyimg mode of operaion
policy
what you want to do (but not how you do it)
outlines responsibilities
outliens partner and supplier responsibilities
should be endorsed at all management levels
identify owners of systems
infrastructure (generally IT)
applictaions
processes (end-to-end
standards
specification of how we do it
guidelines
good practice but not required
procedures
specify behavior for end-to-end processes
instalation
operation
initialisation
support
Quer criar seus próprios
Mapas Mentais
gratuitos
com a GoConqr?
Saiba mais
.
Semelhante
Security Mgt, ISO 27001, PDCA
jjanesko
Exemplary Assignment Answers
jjanesko
Security Mgt, Flashcards for ISO 27000 series
jjanesko
Security Mgt U3, BS7799 (Part 1)
jjanesko
Security Mgt U3, BS7799 (Part 2)
jjanesko
Security Mgt U5, risk analysis and mgt (part 1)
jjanesko
Security Mgt U5, Risk Analysis Methods and Tools (image)
jjanesko
Security Mgt U5, quantitative risk assessment forumula (image)
jjanesko
Security Mgt U5, risk analysis & mgt (part 2)
jjanesko
Security Mgt U8, Information Assurance
jjanesko
Security Mgt U8, Incident Recovery Image
jjanesko
Explore a Biblioteca