Security Mgt U2, summary

IYM001 Mind Map on Security Mgt U2, summary, created by jjanesko on 04/01/2013.

1 information security
1.1 business issue
1.1.1 has own budget
1.1.2 has own personnel
1.1.3 management must drive decisions
1.1.4 business dependent on IT systems
1.2 modern boundaries blurred
1.3 gone from IT issue to consumer issue
1.3.1 due to ecommerce
1.4 confidentiality, integrity, availability
1.4.1 integrity & availability most important
1.5 resource decentralization
1.6 protect information NOT hardware
1.7 protect the business
1.7.1 sensible controls
1.7.2 usable controls
1.8 information theft
1.8.1 you may not notice it
1.8.2 no audit trail
1.8.3 lucky if there are logs
1.9 information risk mgt
1.9.1 identify threats
1.9.2 identify likelihood
1.9.3 identify impacts
1.9.3.1 what is data loss worth?
1.9.3.1.1 company reputation
1.9.3.1.2 leaked business info, competitive edge
1.9.4 identify vulnerabilities
1.9.5 governance
1.9.5.1 policy
1.9.5.2 procedure
1.10 adequate (not perfect) protection
1.10.1 people
1.10.2 financial
1.10.3 information
1.10.4 infrastructure
2 risk assessment
2.1 3 components
2.1.1 threats
2.1.1.1 unwanted event that may result in harm to an asset
2.1.2 vulnerability
2.1.2.1 susceptibility of asset to attack
2.1.3 impact
2.1.3.1 magnitude of potential loss
2.2 CRAM
2.2.1 tool / software / methodology
2.2.1.1 prompts with threats
2.2.1.2 facilitates documentation
2.3 anecdotal examples/ comments
2.3.1 attack sophistication has increased
2.3.1.1 even though attackers have little technical knowledge
2.3.2 security costs money
2.3.3 identity theft
2.3.4 phishing / pharming
2.3.5 spoof websites
2.3.6 social engineering
2.3.7 DDoS
2.3.7.1 more effective against small companies
2.3.7.2 attacks getting bigger
2.3.7.3 use rapid filtering to manage
2.3.7.4 usually attacks at IP level
2.3.7.4.1 point DNS to new IP
2.3.7.4.1.1 expensive
2.3.7.5 business is reliant on open network
3 governance
3.1 means by which companies are directed and controlled
3.2 accountability of board
3.2.1 ethical
3.2.2 legal
3.2.3 performance
3.3 needs to demonstrate compliance with rules, regulations and law
3.3.1 FSA
3.3.2 FED
3.3.3 SOX
3.3.4 Basel II
3.3.5 ISO 17799
3.3.6 COBIT
3.3.7 ITIL
3.4 of info sec
3.4.1 means by which infosec is controlled and directed in company
3.4.2 administered by top level steering committee
3.4.3 CISO provides assurance to board and regulators
3.4.3.1 compliance (checking)
3.4.3.2 audit testing
3.4.3.3 board level issue
3.5 specifying mode of operation
3.5.1 policy
3.5.1.1 what you want to do (but not how you do it)
3.5.1.2 outlines responsibilities
3.5.1.3 outlines partner and supplier responsibilities
3.5.1.4 should be endorsed at all management levels
3.5.1.5 identify owners of systems
3.5.1.5.1 infrastructure (generally IT)
3.5.1.5.2 applications
3.5.1.5.3 processes (end-to-end)
3.5.2 standards
3.5.2.1 specification of how we do it
3.5.3 guidelines
3.5.3.1 good practice but not required
3.5.4 procedures
3.5.4.1 specify behavior for end-to-end processes
3.5.4.1.1 installation
3.5.4.1.2 operation
3.5.4.1.3 initialisation
3.5.4.1.4 support