Security Mgt U3, BS7799 (Part 1)

Description

IYM001 mind map on Security Mgt U3, BS7799 (Part 1), created by jjanesko on 06-04-2013.

Resource Summary

Security Mgt U3, BS7799 (Part 1)
  1. BS7799 (ISO 17799)
    1. originally published as a code of practice
    2. standards for information security management
    3. outlines risk analysis and management
    4. don't have to certify whole business
    5. foundations of BS7799 (image)

      Notes:

      • [Image: https://lh6.googleusercontent.com/-f6Kk9fXgL-s/UV_a5iweR8I/AAAAAAAAAck/g0rFxMeOSJo/s600/triangle+of+bs7799.png]
  2. why?
    1. develop best practice
    2. helps realize security policy
    3. value proposition
      1. promise of value to be delivered and belief of customer in that value
    4. introduce benchmark standards
    5. builds business confidence
    6. international standard
    7. easy and flexible architecture
    8. provide security
  3. information theft
    1. # of apps and complexity growing
    2. motivations: COMIC
      1. Commercial
        1. someone gets commercial advantage by using or blocking our information
      2. Opportunist
        1. people happen upon bad security controls and suddenly have opportunity
      3. Monetary
        1. someone is paid to steal or attack
      4. Idealist
        1. hacktivist
      5. can-do
        1. they do it just because they can
  4. CIA
    1. confidentiality
    2. integrity
    3. availability
  5. legislation
    1. human rights act
    2. computer misuse act
      1. covers unauthorized
        1. viewing
        2. copying
        3. modification
    3. computer design and patent act
    4. regulation of investigatory powers act
    5. FAST: federation against software theft

      Notes:

      • http://www.fastiis.org/
      1. Protect your IP (intellectual property)
      2. If you do not demonstrate that you had the appropriate controls in place, you will lose a case in court.
  6. critical success factors
    1. KPIs (key performance indicators)
    2. policies, objectives, activities that reflect business objectives
    3. appropriate resources
    4. consistency with business culture
    5. visible commitment from management
    6. effective awareness, education and training
    7. distribution to all employees, partners and suppliers
  7. controls
    1. key controls
      1. info sec policy
      2. info sec education and training
      3. security incident reporting
      4. virus controls
      5. business continuity planning (BCP)
      6. software copying control
      7. company record safeguarding
      8. data protection compliance
      9. compliance with security policy
    2. selection
      1. identify business objectives
      2. identify business strategy
      3. identify controls relative to risk
        1. with risk, don't forget areas of impact such as reputation and customer confidence
