Security Mgt U3, BS7799 (Part 1)

IYM001 Mind Map on Security Mgt U3, BS7799 (Part 1), created by jjanesko on 04/06/2013.

1 BS7799 (ISO 17799)
1.1 originally published as a code of practice
1.2 standards for information security management
1.3 outlines risk analysis and management
1.4 don't have to certify whole business
1.5 foundations of BS7799 (image)
1.6 why?
1.6.1 develop best practice
1.6.2 helps realize security policy
1.6.3 value proposition: a promise of value to be delivered, and the customer's belief in that value
1.6.4 introduce benchmark standards
1.6.5 builds business confidence
1.6.6 international standard
1.6.7 easy and flexible architecture
1.6.8 provide security
1.6.8.1 number of applications and their complexity keep growing
1.6.8.2 information theft motivations: COMIC
1.6.8.2.1 Commercial: someone gains commercial advantage by using or blocking our information
1.6.8.2.2 Opportunist: people happen upon bad security controls and suddenly have an opportunity
1.6.8.2.3 Monetary: someone is paid to steal or attack
1.6.8.2.4 Idealist: hacktivist
1.6.8.2.5 Can-do: they do it just because they can
1.6.8.3 CIA: confidentiality, integrity, availability
1.6.9 legislation
1.6.9.1 Human Rights Act
1.6.9.2 Computer Misuse Act: covers unauthorized viewing, copying and modification
1.6.9.3 Computer Design and Patent Act
1.6.9.4 Regulation of Investigatory Powers Act
1.6.9.5 FAST: Federation Against Software Theft
1.6.9.6 protect your IP (intellectual property): if you cannot demonstrate that you had the appropriate controls in place, you will lose a case in court
2 critical success factors
2.1 KPIs (key performance indicators)
2.2 policies, objectives, activities that reflect business objectives
2.3 appropriate resources
2.4 consistency with business culture
2.5 visible commitment from management
2.6 effective awareness, education and training
2.7 distribution to all employees, partners and suppliers
3 controls
3.1 key controls
3.1.1 info sec policy
3.1.2 info sec education and training
3.1.3 security incident reporting
3.1.4 virus controls
3.1.5 business continuity planning (BCP)
3.1.6 software copying control
3.1.7 company record safeguarding
3.1.8 data protection compliance
3.1.9 compliance with security policy
3.2 selection
3.2.1 identify business objectives
3.2.2 identify business strategy
3.2.3 identify controls relative to risk; when assessing risk, don't forget areas of impact such as reputation and customer confidence