Security Mgt U8, Information Assurance


IYM001 Mind Map on Security Mgt U8, Information Assurance, created by jjanesko on 04/14/2013.

1 information assurance concerned with
1.1 confidentiality
1.2 integrity
1.3 availability
1.4 legality
2 business continuity planning (BCP)
2.1 Tested plans and procedures built into the normal operations processes which allow a business to protect itself against threats
2.1.1 includes: damage limitation, recovery, emergency response, crisis management, monitoring, mitigation, acceptance of residual risk
2.1.2 stakeholders: employees, bankers, suppliers, regulators, finance, competitors, shareholders
2.1.3 goal: recovery, reducing the impact from untoward events
2.1.4 things to identify during planning (see attached chart)

Attachments: what is "normal" output; minimum acceptable output level for business; how long it will take to get back to full production; steps for replacement and repair; resumption time (this is the time from the incident to achieving the minimal acceptable output level)
2.2 NOT a technical issue
2.2.1 board level accountability
2.2.2 ownership by business and operations
2.2.3 stress test based
2.3 NOT disaster recovery planning
2.3.1 DRP focuses on technology (limited scope) whereas BCP focuses on business processes
3 legislation, standards and organizations that provide guidance
3.1 Nimda
3.2 Code Red
3.3 SANS
3.4 Turnbull compliance
3.5 Basel 2
3.6 ISO 17799
4 why?
4.1 minimize incident impact on org & recover from loss of information assets to an acceptable level through a combo of preventative and recovery controls
