Security Mgt U3, BS7799 (Part 1)

Mind Map by jjanesko, created over 6 years ago

IYM001 Mind Map on Security Mgt U3, BS7799 (Part 1), created by jjanesko on 04/06/2013.

1 BS7799 Part 1 (adopted internationally as ISO/IEC 17799, later renumbered ISO/IEC 27002)
1.1 originally published as a code of practice
1.2 standard for information security management
1.3 outlines risk analysis and management
1.4 certification does not have to cover the whole business; the scope can be limited to part of it (certification is against Part 2, the specification, not the Part 1 code of practice)
1.5 foundations of BS7799 (image)

Annotations:

  • [Image: https://lh6.googleusercontent.com/-f6Kk9fXgL-s/UV_a5iweR8I/AAAAAAAAAck/g0rFxMeOSJo/s600/triangle+of+bs7799.png]
1.6 why?
1.6.1 develop best practice
1.6.2 helps realize security policy
1.6.3 value proposition
1.6.3.1 a promise of value to be delivered, and the customer's belief in that value
1.6.4 introduce benchmark standards
1.6.5 builds business confidence
1.6.6 international standard
1.6.7 easy and flexible architecture
1.6.8 provide security
1.6.8.1 the number of applications and their complexity keep growing
1.6.8.2 information theft
1.6.8.2.1 motivations: COMIC
1.6.8.2.1.1 Commercial
1.6.8.2.1.1.1 someone gets commercial advantage by using or blocking our information
1.6.8.2.1.2 Opportunist
1.6.8.2.1.2.1 people happen upon weak security controls and suddenly have an opportunity
1.6.8.2.1.3 Monetary
1.6.8.2.1.3.1 someone is paid to steal or attack
1.6.8.2.1.4 Idealist
1.6.8.2.1.4.1 hacktivist
1.6.8.2.1.5 Can-do
1.6.8.2.1.5.1 they do it just because they can
1.6.8.3 CIA
1.6.8.3.1 confidentiality
1.6.8.3.2 integrity
1.6.8.3.3 availability
1.6.9 legislation
1.6.9.1 Human Rights Act
1.6.9.2 Computer Misuse Act
1.6.9.2.1 covers unauthorized
1.6.9.2.1.1 viewing
1.6.9.2.1.2 copying
1.6.9.2.1.3 modification
1.6.9.3 Copyright, Designs and Patents Act
1.6.9.4 Regulation of Investigatory Powers Act (RIPA)
1.6.9.5 FAST: Federation Against Software Theft

Annotations:

  • http://www.fastiis.org/
1.6.9.6 Protect your IP (intellectual property)
1.6.9.6.1 If you cannot demonstrate that you had appropriate controls in place, you are unlikely to win a case in court.
2 critical success factors
2.1 KPIs (key performance indicators)
2.2 policies, objectives, activities that reflect business objectives
2.3 appropriate resources
2.4 consistency with business culture
2.5 visible commitment from management
2.6 effective awareness, education and training
2.7 distribution of the security policy and guidance to all employees, partners and suppliers
3 controls
3.1 key controls
3.1.1 info sec policy
3.1.2 info sec education and training
3.1.3 security incident reporting
3.1.4 virus controls
3.1.5 business continuity planning (BCP)
3.1.6 software copying control
3.1.7 safeguarding of company records
3.1.8 data protection compliance
3.1.9 compliance with security policy
3.2 control selection
3.2.1 identify business objectives
3.2.2 identify business strategy
3.2.3 identify controls relative to risk
3.2.3.1 when assessing risk, don't forget impact areas such as reputation and customer confidence
