Download presentation: Chapter 1 – we will talk about

4dc03d21d3c8a36aadce5c81238a210d.ppt

  • Number of slides: 104

Chapter 1 – we will talk about

Confidentiality (60)

Integrity (60)

Integrity Example

Integrity

Availability

Security Management

Security Management

Security Management

IMPORTANT REMINDER

Security Controls

Functional vs. Assurance

Security Definitions*

Vulnerability* (61)

Threat *

Threat Agent

Risk

Exposure

Countermeasure or Safeguard

End of risk terms

Organizational Security Models

Organization Security Models

Goals*

Break?

What are risks*

Risks

Risk management

IRM policy

IRM team (83)

Risk Analysis (83)

Risk Analysis Goals (83)

2 types of analysis

Quantitative (92)

Quantitative Analysis (93)

Step 4: Derive the ALE (95)

Details of Reducing Risk (102)

Details of Reducing Risk (102)

Word Problem

Word Problem Answer

Qualitative Risk Analysis

Qualitative (98)

Delphi* (100)

Modified Delphi

Review of Q vs. Q

Security Policy* (110)

Security Policy (110)

Security Policy

Standards* (112)

Baseline* (113)

Baseline

Guidelines* (114)

Procedures* (114)

Random Terminology*

Review of Policies, Standards…

Information Classification (117)

Information Classification

Classification Controls

Classification Controls

Positions and Responsibilities

Data Owner* (130)

Data Owner*

Data Custodian* (131)

System Owner (131)

Security Administrator* (132)

Security Analyst* (132)

Application Owner* (132)

Supervisor (132)

Data Analyst (133)

Process Owner (133)

Solution Provider

User * (134)

Auditor* (134)

Auditor (not in book)

Enough of the positions

Separation of Duties*

Collusion* (136)

Hiring Practices* (136)

Rotation of Duties* (138)

Mandatory Vacations* (139)

Split Knowledge* (138)

Dual Control

Employee Termination*

OK chapter review