Security Mgt U3, BS7799 (Part 1)

Anotações:

• [Image: https://lh6.googleusercontent.com/-f6Kk9fXgL-s/UV_a5iweR8I/AAAAAAAAAck/g0rFxMeOSJo/s600/triangle+of+bs7799.png]

1. develop best practice
2. helps realize security policy
3. value proposition
   1. propmise of value to be deliverd and belief of customer in that value
4. introduce benchmark standards
5. builds business confidence
6. international standard
7. easy and flexible architecture
8. provide secuity
   1. # of apps and complexity growing
   2. information theft
      1. motivations: COMIC
         1. Commercial
            1. someone gets commercial advantage by using or blocking our information
         2. Opportunist
            1. people happen upon bad security controls and suddenly have opportunity
         3. Monetary
            1. someone is paid to steal or attack
         4. Idealist
            1. hacktivist
         5. can-do
            1. they do it just because they can
   3. CIA
      1. confidentiality
      2. integrity
      3. availability
9. legislation
   1. human rights act
   2. computer misuse act
      1. covers unauthorized
         1. viewing
         2. copying
         3. modification
   3. computer design and patent act
   4. regulation of investagatory powers act
   5. FAST: federation against software theft

      Anotações:

      • http://www.fastiis.org/
   6. Protect your IP (intellectual property)
      1. If you do not demonstrate that you had the appropriate controls in place, you will lose a case in court.

1. info sec policy
2. info sec education and training
3. security incident reporting
4. virus controls
5. business continuity planning (BCP)
6. software copying control
7. company record safegarding
8. data protection compliance
9. compliance with security policy

1. identify business objectives
2. identify business strategy
3. identify controls relative to risk
   1. with risk, don't forget areas of inpact such as reputation and customer confidence