Security Mgt U3, BS7799 (Part 2)

Mind Map by jjanesko, updated more than 1 year ago
Created by jjanesko about 8 years ago

Description

IYM001 Mind Map on Security Mgt U3, BS7799 (Part 2), created by jjanesko on 04/07/2013.

Resource summary

Security Mgt U3, BS7799 (Part 2)
1 information security infrastructure
1.1 info sec forum
1.2 allocation of responsibilities
1.2.1 information classification
1.2.1.1 guidelines
1.2.1.2 ownership
1.2.1.3 labelling
1.2.1.4 management process
1.2.2 HR and legal
1.2.2.1 security in job descriptions
1.2.2.2 recruitment screening
1.2.2.3 confidentiality and nondisclosure agreements
1.3 info sec coordination
1.3.1 user training and awareness
1.3.2 secure areas
1.3.2.1 clear desk policy
1.3.2.2 guidelines and security for removal of property
1.3.2.3 security of data centers and computer rooms
1.3.2.4 physical entry controls
1.3.2.5 physical security perimeter
1.3.3 secure equipment
1.3.3.1 equipment disposal
1.3.3.2 security of premise equipment
1.3.3.3 equipment maintenance
1.3.3.4 cabling security
1.3.3.5 power supplies
1.3.3.6 asset inventory
1.4 independent review
1.5 cooperation between orgs
1.5.1 respond to incidents
1.5.2 reporting of security weaknesses
1.5.3 reporting software malfunctions
1.5.4 disciplinary process
1.6 specialist advice
1.7 authorization process for IT facilities
1.7.1 security of 3rd party access
1.7.1.1 identify risks
1.7.1.2 security conditions in contracts
2 information security management system
2.1 ISMS
2.1.1 should reduce the likelihood of information security incidents occurring
2.1.1.1 unwanted disclosure of info
2.1.1.1.1 confidentiality
2.1.1.2 unauthorized changes to content
2.1.1.2.1 integrity
2.1.1.3 info not available when needed
2.1.1.3.1 availability
2.1.2 2 models
2.1.2.1 ISO 27001 plan, act, do, check (diagram)

Annotations:

  • [Image: https://lh3.googleusercontent.com/-s39uB51Echw/UWFvWRPIe2I/AAAAAAAAAd8/zdNqs8Vh65g/w490-h428-p-o/plan%252Cact%252Ccheck%252Cdo.png]
2.1.2.1.1 implementation notes from SANS Institute

Annotations:

  • http://www.giac.org/paper/gsec/2693/implementation-methodology-information-security-management-system-to-comply-bs-7799-requi/104600
  • Plan (establish the ISMS)
    - Step 1: Establish the importance of Information Security in Business
    - Step 2: Define the Scope for ISMS
    - Step 3: Define the Security Policy
    - Step 4: Establish the Security Organization Structure
    - Step 5: Identify and Classify the Assets
    - Step 6: Identify and Assess the Risks
    - Step 7: Plan for Risk Management
  • Do (implement and operate the ISMS)
    - Step 8: Implement Risk Mitigation Strategy
    - Step 9: Write the Statement of Applicability
    - Step 10: Train the Staff and Create Security Awareness
  • Check (monitor and review the ISMS)
    - Step 11: Monitor and Review the ISMS Performance
  • Act (maintain and improve the ISMS)
    - Step 12: Maintain the ISMS and Ensure Continual Improvement (4)
2.1.2.2 STREAM assurance model

Annotations:

  • [Image: https://lh6.googleusercontent.com/-nJbCRVJ3yvk/UWFxe30hU8I/AAAAAAAAAeM/kJlvfXO0HU4/w529-h375-p-o/streamassurancemodel.png]
2.1.2.2.1 Link to STREAM information

Annotations:

  • http://az290931.vo.msecnd.net/www.infosec.co.uk/__novadocuments/22363x$query$xvx$eq$x634965468272370000
2.1.3 definition of ISMS (link from Martin Warren)

Annotations:

  • http://securityaa.com/About%20ISMS.html
2.2 information security disciplines
2.2.1 compliance
2.2.2 business continuity management
2.2.3 infosec incident management
2.2.4 system acquisition
2.2.5 access control
2.2.6 communication and operations management
2.2.7 physical and environmental security
2.2.8 human resource security
2.2.9 asset management
2.2.10 organizational security
2.2.11 security policy
3 management framework certification requirements
3.1 1. define policy
3.2 2. define scope
3.2.1 characteristics of org
3.2.2 location
3.2.3 assets
3.2.4 technology
3.3 3. undertake risk assessment
3.3.1 threats
3.3.2 vulnerabilities
3.3.3 impacts
3.3.4 degree of risks
3.4 4. manage risks
3.5 5. select control objectives
3.5.1 identify controls and rationale
3.5.2 identify excluded controls and rationale
3.6 6. prepare statement of applicability