Welcome to Scribd!

Chapter 03

Uploaded by

0% found this document useful (0 votes)

14 views2 pages

This document discusses information security and risk management. It covers security management responsibilities and using a top-down approach to security. It also discusses security administration controls, organizational security models, information risk management policies, risk analysis, security policies, information classification, layers of responsibility for security roles, and security awareness training. The goal is to provide an overview of establishing an information security program.

Original Description:

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

14 views2 pages

Chapter 03

Uploaded by

Rex Lau

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

CHAPER 03 Information Security and Risk Management p45-152 1. Security Management a. Security Management Responsibilities b.

. The Top-Down Approach to Security 2. Security Administration and Supporting Controls a. Fundamental Principle of Security b. Availability c. Integrity d. Confidentiality e. Security Definitions f. Security Through Obscurity 3. Organizational Security Model a. Security Program Components b. Security Frameworks c. Security Governance d. Security Program Development
i. ii. iii. iv. Plan and organize Implement Operate and Maintain Monitor and evaluate

4. Information Risk Management a. Information Risk Management Policy b. Risk Management Team 5. Risk Analysis a. Risk Analysis Team
i. Risk Ownership

b. c. d. e. f.

The Value of Information and Assets Costs That Make Up the Value Identifying Threats Analysis Failure and Fault Risk Analysis Quantitative
i. Automated Risk Analysis Methods ii. Steps of Risk Analysis 1) Assign Value to Assets 2) Estimate Potential Loss per Threat 3) Perform a Threat Analysis 4) Derive the Overall Annual Loss Potential per Threat 5) Reduce, Transfer, Avoid or Accept the Risk iii. Results of Risk Analysis

g. Qualitative Risk Analysis h. Quantitative vs. Qualitative i. Protection Mechanism j. Putting It Together Risk k. Total Risk vs. Residual l. Handling Risk 6. Policies, Standards, Baselines, Guidelines and Procedures a. Security Policy b. Standards c. Baselines d. Guidelines

CHAPER 03 Information Security and Risk Management p45-152 e. Procedures f. Implementation 7. Information Classification a. Private Business vs. Military Classifications b. Classification Controls 8. Layers of Responsibility a. Whos Involved
i. ii. iii. iv. v. vi. vii. Board of Directors Executive Management The Chief Information Officer The Chief Privacy Officer The Chief Security Officer Committee The IS Security Steering The Audit Committee

b. The Data Owner c. The Data Custodian d. The System Owner e. The Security Administrator f. The Security Analyst g. The Application Owner h. The Supervisor i. The Change Control Analyst j. The Data Analyst k. The Process Owner l. The Solution Provider m. The User n. The Product Line Manager o. The Auditor p. Why so many Roles? q. Personnel r. Structure s. Hiring Practices t. Employee Control u. Termination 9. Security-Awareness Training a. Different Types of Security-Awareness Training b. Evaluating the Program c. Specialized Security Training 10. Summary

Study Guide: Certified Information Systems Security Officer
Document33 pages
Study Guide: Certified Information Systems Security Officer
ellococareloco
100% (1)
10341D1 Test1
Document9 pages
10341D1 Test1
my009.tk
No ratings yet
1 Post Class Quiz Answer 2
Document13 pages
1 Post Class Quiz Answer 2
gintokidmc
50% (2)
Information Security Governance and Risk Management
Document6 pages
Information Security Governance and Risk Management
jbrackett239
No ratings yet
Exam Format Score Multiple Choice Questions (60 Score)
Document14 pages
Exam Format Score Multiple Choice Questions (60 Score)
Muhammad Irfan
100% (5)
Concise Guide to CompTIA Security +
From Everand
Concise Guide to CompTIA Security +
alasdair gilchrist
Rating: 3 out of 5 stars
3/5 (2)
Facility Security Plan
Document35 pages
Facility Security Plan
Kayal Vizhi
No ratings yet
AMC To OR - GEN - 200 - A - 1
Document5 pages
AMC To OR - GEN - 200 - A - 1
delp pqm
No ratings yet
MID Term Info Sec
Document56 pages
MID Term Info Sec
wildnixon
100% (1)
0-CISSP Flash Cards Draft 6-6-2010
Document126 pages
0-CISSP Flash Cards Draft 6-6-2010
Maurício Silva
No ratings yet
Air Car Airlines PVT LTD ACAPL/SMS-A/01 Safety Management System Manual
Document14 pages
Air Car Airlines PVT LTD ACAPL/SMS-A/01 Safety Management System Manual
Hemantkumar Tung
No ratings yet
Masryyyy
Document4 pages
Masryyyy
Yousef El Masry
No ratings yet
CSE 6203 - Lecture 01
Document18 pages
CSE 6203 - Lecture 01
Sumit Pramanik
No ratings yet
Cybrary Training
Document113 pages
Cybrary Training
Janki A N
No ratings yet
Module - 5: Protection of Information Assets
Document118 pages
Module - 5: Protection of Information Assets
Raghu Vamsi
No ratings yet
Safetymanagementsystem 12853207285734 Phpapp01
Document19 pages
Safetymanagementsystem 12853207285734 Phpapp01
Bambang Setyo Utomo
No ratings yet
Risk Analysis Nina Godbole
Document23 pages
Risk Analysis Nina Godbole
Rupesh Akula
No ratings yet
A.K Sharma, STQC
Document31 pages
A.K Sharma, STQC
Kings Park
No ratings yet
Asm 1
Document6 pages
Asm 1
hassaanrazaaa
No ratings yet
Safety Management System Structure: What Is A SMS?
Document8 pages
Safety Management System Structure: What Is A SMS?
Sayed Abbas
No ratings yet
00 - Introduction To CRISC Certification v1.01
Document35 pages
00 - Introduction To CRISC Certification v1.01
melita irma
No ratings yet
Class 6 Quiz A Solutions
Document4 pages
Class 6 Quiz A Solutions
Md Mamunur Rashid Mamun
No ratings yet
Safety Educationand Training
Document6 pages
Safety Educationand Training
shamshad ahamed
No ratings yet
CISM D1 Questions
Document7 pages
CISM D1 Questions
Jonathan Evans
No ratings yet
CISM Sample Exam Questions
Document37 pages
CISM Sample Exam Questions
Dark Storm Wolf
No ratings yet
2022 Strategic Forecasting and Risk Analysis - Introduction - Lecture 3
Document89 pages
2022 Strategic Forecasting and Risk Analysis - Introduction - Lecture 3
Vengesai
No ratings yet
Chapter 3
Document19 pages
Chapter 3
Rajib Ali bhutto
No ratings yet
Management & Safety
Document25 pages
Management & Safety
Jawad Ahmad Bin Khan
No ratings yet
01 ISAA Introduction 1
Document31 pages
01 ISAA Introduction 1
Rakesh Patel
No ratings yet
Governance Chapter 11 Nina Mae Diaz
Document3 pages
Governance Chapter 11 Nina Mae Diaz
Niña Mae Diaz
No ratings yet
Course Name: Aviation Safety and Security Systems Assessment Element: Individual Assignment (SMS)
Document8 pages
Course Name: Aviation Safety and Security Systems Assessment Element: Individual Assignment (SMS)
Shin Thant
No ratings yet
How To Prepare For The CISSP Exam: Outline, Study Tips & Strategy
Document37 pages
How To Prepare For The CISSP Exam: Outline, Study Tips & Strategy
Dodo winy
No ratings yet
Governance Chap 4
Document56 pages
Governance Chap 4
Gian Negparanon
No ratings yet
Document
Document13 pages
Document
Gian Negparanon
No ratings yet
Module 5
Document118 pages
Module 5
Naresh Batra Associates
No ratings yet
Chapter11 Corgov
Document2 pages
Chapter11 Corgov
EANNA15
No ratings yet
Course Work
Document7 pages
Course Work
Sadiobankz
No ratings yet
Iso 27001
Document43 pages
Iso 27001
SRISHTI MALHOTRA
100% (1)
CISSP Study Guide
Document73 pages
CISSP Study Guide
Steve Norfolk
92% (12)
Policy Framework
Document3 pages
Policy Framework
puja_sarkar_2
No ratings yet
CISM Outline Description
Document2 pages
CISM Outline Description
CKrishnaKishore
No ratings yet
CISM
Document2 pages
CISM
Zaid H. Abureesh
0% (1)
Industrial Safety Summit 2018: "Building Safe Workplaces - Process Safety and Risk Management"
Document7 pages
Industrial Safety Summit 2018: "Building Safe Workplaces - Process Safety and Risk Management"
Brijesh Gajjar
No ratings yet
Post-Class Quiz:: Information Security and Risk Management Domain
Document13 pages
Post-Class Quiz:: Information Security and Risk Management Domain
helmikurniawan77
No ratings yet
Certification Study Guide - CC by Kevin Henry
Document37 pages
Certification Study Guide - CC by Kevin Henry
R Nil
No ratings yet
Post-Class Quiz:: Information Security and Risk Management Domain
Document13 pages
Post-Class Quiz:: Information Security and Risk Management Domain
Faz Noize
No ratings yet
U3 - Event Risk Management
Document14 pages
U3 - Event Risk Management
Rahul Kandera
No ratings yet
Checklist Risk Management
Document2 pages
Checklist Risk Management
rcamargo
No ratings yet
Isms Report
Document5 pages
Isms Report
Wanambisi Jnr
No ratings yet
Iso 17799
Document44 pages
Iso 17799
deltafx1
No ratings yet
Unit 3
Document4 pages
Unit 3
Akash Shukla
No ratings yet
Latihan 2
Document13 pages
Latihan 2
Cici Aprilia
No ratings yet
MGT 209 - CH 11 Notes
Document7 pages
MGT 209 - CH 11 Notes
Amiel Christian Mendoza
No ratings yet
Exercises Security Risk Management & Ethics
Document12 pages
Exercises Security Risk Management & Ethics
ahmadjoe04
No ratings yet
Business Security Procedures To Protect Assets and Employees
Document4 pages
Business Security Procedures To Protect Assets and Employees
gashraft61
No ratings yet
Robust Security Infrastructure - Short Duration Course - Combined 1
Document75 pages
Robust Security Infrastructure - Short Duration Course - Combined 1
Rizky Rahman
No ratings yet
EC-Council Certified Incident Handler
Document20 pages
EC-Council Certified Incident Handler
dhazh007
No ratings yet
ISO 31000-2009 Risk Management-Principles & Guidelines Checklist
Document6 pages
ISO 31000-2009 Risk Management-Principles & Guidelines Checklist
migant12
No ratings yet
Unit 3 - Threat Modelling
Document13 pages
Unit 3 - Threat Modelling
Nivedhitha
No ratings yet
Building a Corporate Culture of Security: Strategies for Strengthening Organizational Resiliency
From Everand
Building a Corporate Culture of Security: Strategies for Strengthening Organizational Resiliency
John Sullivant
No ratings yet