Planning for Security

Description

Mind Map on Planning for Security, created by putri_rae on 08/12/2015.

Resource summary

Planning for Security
  1. Info Security Policy, Standards, and Practices
    1. Communities of interest must consider policies as the basis for all info security efforts
      1. Policies direct how issues should be addressed and which technologies are used
        1. Shaping policy is difficult: it must never conflict with laws, must stand up in court if challenged, and must be properly administered
      2. Policies (organisational laws): the course of action used by the org to convey instructions from management to those who perform duties
      3. Types of Policy:
        1. Enterprise Information Security Policy (EISP)
          1. Sets strategic direction, scope, and tone for all security efforts within the org
          2. Typically addresses compliance in 2 areas:
            1. Use of specified penalties and disciplinary action
            2. Ensuring the requirements to establish the program are met and responsibilities are assigned to various org components
        2. Issue-Specific Security Policy (ISSP)
          1. Addresses specific areas of technology; requires frequent updates; contains a statement of the org's position on the specific issue
        3. Systems-Specific Policy (SysSP)
          1. Standards and procedures used when configuring/maintaining systems
          2. Fall into 2 groups: access control lists (ACLs; managerial guidance SysSPs) and configuration rules (technical specifications SysSPs)
  2. ISO 27000 Series
    1. British Standard BS7799
      1. Adopted in 2000 as an international standard
      2. Framework for IS that states an org security policy is needed to provide management direction and support
  3. Design of Security Architecture
    1. Defense in depth
      1. Requires the org to establish sufficient security controls and safeguards so that an intruder faces multiple layers of controls
    2. Security perimeter
      1. Where the org's security protection ends and the outside world begins
      2. Does not apply to internal attacks from employee threats
    3. Key Technological Components
      1. Firewall, demilitarised zone (DMZ), intrusion detection system (IDS)
  4. Security Education, Training, and Awareness Program
    1. A control measure designed to reduce accidental security breaches
    2. General knowledge employees must possess to do their jobs, familiarising them with the way to do their jobs securely
    3. Security Education
    4. Security Training
      1. Providing members of the org with detailed info and hands-on instruction designed to prepare them to perform their duties securely
      2. Customised in-house training or outsourced
    5. Security Awareness
      1. Designed to keep info security at the forefront of users' minds and stimulate them to care about security