Planning for Security
Description
Mind map on Planning for Security, created by putri_rae on 08-12-2015.
Resource Summary
Planning for Security
Info Security Policy, Standards, and Practices
Communities of interest must consider policies as the basis for all info security efforts
Policies direct how issues should be addressed and tech used
Shaping policy is difficult; policy must: Never conflict with laws, Stand up in court if challenged, Be properly administered
Policies (org laws): course of action used by org to convey instructions from mgt to those who perform duties
Types of Policy:
1) Enterprise Information Security Policy (EISP)
Sets strategic direction, scope, and tone for all security efforts within the org
Typically addresses compliance in 2 areas:
Use of specified penalties and disciplinary action
Ensure meeting requirements to establish program and responsibilities assigned to various org components
2) Issue-Specific Security Policy (ISSP)
Addresses specific areas of tech; Requires frequent updates; Contains statement on org's position on specific issue
3) Systems-Specific Policy (SysSP)
Standards and procedures used when configuring/maintaining systems
Fall into 2 groups: Access control lists (ACL - Managerial Guidance SysSP) & Configuration rules (Technical Specifications SysSP)
ISO 27000 Series
British Standard BS7799
Adopted in 2000 as an international standard
Framework for IS that states org security policy is needed to provide mgt direction and support
Design of Security Architecture
Defense in depth
Requires org to establish sufficient security controls and safeguards, so that an intruder faces multiple layers of controls
Security perimeter
Point where org's security protection ends and outside world begins
Does not apply to internal attacks from employee threats
Key Technological Components
Firewall, Demilitarised zone (DMZ), Intrusion detection system (IDS)
Security Education, Training, and Awareness Program
A control measure designed to reduce accidental security breaches
General knowledge employees must possess to do their jobs, familiarising them with the way to do their jobs securely
1) Security Education
2) Security Training
Providing members of org with detailed info and hands-on instruction designed to prepare them to perform their duties securely
Customised in-house training/outsource
3) Security Awareness
Designed to keep info security at the forefront of users' minds; stimulate them to care about security