Security Mgt U3, BS7799 (Part 2)



IYM001 Mind Map on Security Mgt U3, BS7799 (Part 2), created by jjanesko on 04/07/2013.


Security Mgt U3, BS7799 (Part 2)
1 information security infrastructure
1.1 info sec forum
1.2 allocation of responsibilities
1.2.1 information classification: guidelines, ownership, labelling, management process
1.2.2 HR and legal: security in job descriptions, recruitment screening, confidentiality and nondisclosure agreements
1.3 info sec coordination
1.3.1 user training and awareness
1.3.2 secure areas: clear desk policy, guidelines and security for removal of property, security of data centers and computer rooms, physical entry controls, physical security perimeter
1.3.3 secure equipment: equipment disposal, security of premise equipment, equipment maintenance, cabling security, power supplies, asset inventory
1.4 independent review
1.5 cooperation between orgs
1.5.1 respond to incidents
1.5.2 reporting of security weaknesses
1.5.3 reporting software malfunctions
1.5.4 disciplinary process
1.6 specialist advice
1.7 authorization process for IT facilities
1.7.1 security of 3rd party access: identify risks, security conditions in contracts
2 information security management system
2.1 ISMS
2.1.1 should reduce the likelihood of an information security incident occurring: unwanted disclosure of info (confidentiality), unauthorized changes to content (integrity), info not available when needed (availability)
2.1.2 two models: ISO 27001 plan, act, do, check (diagram)


  • [Image:] implementation notes from SANS Institute


  • Plan (establish the ISMS)
    Step 1: Establish the importance of Information Security in Business
    Step 2: Define the Scope for ISMS
    Step 3: Define the Security Policy
    Step 4: Establish the Security Organization Structure
    Step 5: Identify and Classify the Assets
    Step 6: Identify and Assess the Risks
    Step 7: Plan for Risk Management
  • Do (implement and operate the ISMS)
    Step 8: Implement Risk Mitigation strategy
    Step 9: Write the Statement of Applicability
    Step 10: Train the staff and create Security Awareness
  • Check (monitor and review the ISMS)
    Step 11: Monitor and Review the ISMS performance
  • Act (maintain and improve the ISMS)
    Step 12: Maintain the ISMS and ensure continual Improvement
  • STREAM assurance model


  • [Image:] Link to STREAM information


2.1.3 definition of ISMS (link from Martin Warren)


2.2 information security disciplines
2.2.1 compliance
2.2.2 business continuity management
2.2.3 infosec incident management
2.2.4 system acquisition
2.2.5 access control
2.2.6 communication and operations management
2.2.7 physical and environmental security
2.2.8 human resource security
2.2.9 asset management
2.2.10 organizational security
2.2.11 security policy
3 management framework certification requirements
3.1 1. define policy
3.2 2. define scope
3.2.1 characteristics of org
3.2.2 location
3.2.3 assets
3.2.4 technology
3.3 3. undertake risk assessment
3.3.1 threats
3.3.2 vulnerabilities
3.3.3 impacts
3.3.4 degree of risks
3.4 4. manage risks
3.5 5. select control objectives
3.5.1 identify controls and rationale
3.5.2 identify excluded controls and rationale
3.6 6. prepare statement of applicability

