Planning for Security
Description
Mind Map on Planning for Security, created by putri_rae on 08/12/2015.
Resource summary
Planning for Security
Info Security Policy, Standards, and Practices
Communities of interest must treat policy as the basis for all information security efforts
Policies direct how issues are to be addressed and which technologies are to be used
Shaping policy is difficult: a policy must never conflict with law, must stand up in court if challenged, and must be properly administered (distributed, read, understood, agreed to, and enforced uniformly)
Policies ("organisational laws"): the course of action an organisation uses to convey instructions from management to those who perform its duties
Types of Policy:
1) Enterprise Information Security Policy (EISP)
Sets strategic direction, scope, and tone for all security efforts within the org
Typically addresses compliance in 2 areas:
General compliance: ensures the requirements to establish the program are met and responsibilities are assigned to the various organisational components
Use of specified penalties and disciplinary action for non-compliance
2) Issue-Specific Security Policy (ISSP)
Addresses specific areas of technology (e.g. e-mail, internet use, personal equipment); requires frequent updates as the technology changes; contains a statement of the organisation's position on the specific issue
3) Systems-Specific Policy (SysSP)
Standards and procedures used when configuring or maintaining systems
Fall into 2 groups: Managerial guidance SysSPs (how the system should be used to support the organisation's policy) & Technical specifications SysSPs (how that guidance is implemented, typically by access control lists (ACLs) and configuration rules)
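The managerial guidance half of a SysSP says, in prose, who may use a system, what they may access, when, from where, and how; the technical specifications half turns that into an access control list the system enforces. The following is an added example and is not from the original mind map: it encodes such an ACL as data and evaluates requests against it with a default-deny outcome. The "payroll-db" system, its roles, resources, networks and time windows are constructed assumptions for illustration.

```python
"""ACL-style technical-specifications SysSP evaluator (added example).

Each Rule answers the five SysSP questions for one class of access:
who (role), what (resource), when (time window), where (source network),
how (operation). A request is allowed only if some rule answers all five
in its favour; otherwise the decision is deny (default deny).
"""
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    who: frozenset          # roles the rule applies to
    what: frozenset         # resources it covers
    when: tuple             # (start, end) local time, inclusive
    where: tuple            # source networks in CIDR notation
    how: frozenset          # permitted operations


@dataclass(frozen=True)
class Request:
    role: str
    resource: str
    at: time
    src_ip: str
    op: str


# Constructed sample ACL for a hypothetical "payroll-db" system.
# Roles, resources, networks and hours are assumptions, not from the page.
PAYROLL_DB_ACL = (
    Rule(frozenset({"payroll-clerk"}), frozenset({"salaries"}),
         (time(8, 0), time(18, 0)), ("10.10.20.0/24",),
         frozenset({"read"})),
    Rule(frozenset({"payroll-admin"}), frozenset({"salaries", "bank-details"}),
         (time(8, 0), time(18, 0)), ("10.10.20.0/24",),
         frozenset({"read", "write"})),
    # DBAs work from the management network at any hour.
    Rule(frozenset({"dba"}), frozenset({"salaries", "bank-details", "schema"}),
         (time.min, time.max), ("10.10.1.0/24",),
         frozenset({"read", "write", "admin"})),
)


def _matches(rule, req):
    """True only if the request satisfies all five dimensions of the rule."""
    if req.role not in rule.who:
        return False
    if req.resource not in rule.what:
        return False
    start, end = rule.when
    if not (start <= req.at <= end):
        return False
    addr = ip_address(req.src_ip)
    if not any(addr in ip_network(net) for net in rule.where):
        return False
    return req.op in rule.how


def evaluate(acl, req):
    """Return ("allow", index_of_matching_rule) or ("deny", None).

    Rules are permissive only; there is no 'deny' rule type, so anything
    not explicitly granted falls through to the default deny.
    """
    for i, rule in enumerate(acl):
        if _matches(rule, req):
            return "allow", i
    return "deny", None


def audit(acl, requests):
    """Evaluate a batch of requests and return a list of (request, decision)."""
    return [(req, evaluate(acl, req)[0]) for req in requests]


if __name__ == "__main__":
    sample = [
        Request("payroll-clerk", "salaries", time(9, 0), "10.10.20.5", "read"),
        Request("payroll-clerk", "salaries", time(9, 0), "10.10.20.5", "write"),
        Request("payroll-admin", "bank-details", time(19, 30), "10.10.20.9", "write"),
        Request("dba", "schema", time(3, 15), "10.10.1.7", "admin"),
        Request("dba", "schema", time(3, 15), "10.10.20.7", "admin"),
    ]
    for req, decision in audit(PAYROLL_DB_ACL, sample):
        print(f"{decision:5} {req.role} {req.op} {req.resource} "
              f"at {req.at} from {req.src_ip}")
```

The design choice worth noting is that every dimension is checked and the fall-through is deny: a clerk writing instead of reading, an admin working after hours, or a DBA connecting from the wrong subnet all fail even though the role itself is known to the system.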
ISO 27000 Series
Originated as British Standard BS 7799
Adopted in 2000 as an international standard (ISO/IEC 17799, later renumbered ISO/IEC 27002)
A framework for information security that states an organisational security policy is needed to provide management direction and support
Design of Security Architecture
Defense in depth
Requires org to establish sufficient security controls and safeguards, so that an intruder faces multiple layers of controls
Security perimeter
The boundary where the organisation's security protection ends and the outside world begins
Does not apply to internal attacks from employee threats: a perimeter only defends against attackers outside it
Key Technological Components
Firewall, Demilitarised zone (DMZ), Intrusion detection system (IDS)
Security Education, Training, and Awareness Program
A control measure designed to reduce accidental security breaches
Provides the general knowledge employees must possess to do their jobs, familiarising them with the way to do those jobs securely
1) Security Education
2) Security Training
Providing members of the organisation with detailed information and hands-on instruction designed to prepare them to perform their duties securely
Customised in-house training/outsource
3) Security Awareness
Designed to keep information security at the forefront of users' minds and to stimulate them to care about security