2. where can a security administrator find information on established security frameworks?
1. How can a security framework assist in the design and implementation of a security infrastructure? Show
Designing a working plan for securing the organization s information assets begins by creating or validating an existing security blueprint for the implementation of needed security controls to protect the information assets. A framework is the outline from which a more detailed blueprint evolves. The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies. The blueprint provides scaleable, upgradeable, and comprehensive security for the coming years. The blueprint is used to plan the tasks to be accomplished and the order in which …show more content…Call to Action, define the responsibilities and Information System Audit and Control Association (ISACA Who in the organization should plan for it? In order to effectively implement security governance, the Corporate Governance Task Force (CGTF) recommends that organizations follow an established framework, such as the IDEAL framework from the Carnegie Mellon University Software Engineering Institute. This framework, which is described in the document “Information Security Governance: Call to Action,” defines the responsibilities of (1) the board of directors or trustees, (2) the senior organizational executive (i.e., CEO), (3) executive team members, (4) senior managers, and (5) all employees and users. This important document can be found at the Information Systems Audit and Control Association (ISACA) Web site at www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=34997. 2. Where can a security administrator find information on established security frameworks? A security administrator can look to the Information Technology- Code of Practice for Information Security Management, ISO 17799/BS 7799 as well as ISO 17799/BS 7799, the NIST Security Models including the SP 800-12, 14, 18, 26, and 30, and the VISA International Security Model are just a few of the established security frameworks available. 3. What is the ISO 27000 series of standards? Which How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it?
Quiz 2
At the security blueprint Quiz 3
One of the most widely referenced security models - Standard framework for information security that states organizational security policy is needed to provide management direction and support - Purpose is to give recommendations for information security management - Provides a starting point for developing organizational security Quiz 4
Each environment is unique, framework may not be the best solution. Quiz 5
SP-800 series Quiz 6
Quiz 7
Quiz 8
Quiz 9
Quiz 10
Quiz 11
Quiz 12
As soon as an incident in progress has been identified. Quiz 13
If an incident escalates or is disastrous, focuses on restoring systems at the original site. Quiz 14
Quiz 15
Quiz 16
Quiz 17
Quiz 18
Quiz 19
Quiz 20
What is the ISO 27000 series of standards which individual standards make up the series?The ISO/IEC 27001 family of standards, also known as the ISO 27000 series, is a series of best practices for improving an organization's information security policies and procedures, giving it a framework to address risks and capitalise on opportunities as it moves into the future.
Who is ultimately responsible for managing a technology who is responsible Forenforcing policy that affects the use of a technology?Policy has the ultimate responsibility for managing technology. System administrators and users are responsible for enforcing policy. Based on NIST Special Publication 800-14, there are three types of information security policies.
What is the ISO 27000 framework?What Is ISO/IEC 27000? Also known as the ISO 27000 Family of Standards, it's a series of information security standards that provide a global framework for information security management practices.
What are the differences between a policy a standard and a practice where would each be used?Policy - Written instructions that describe proper behavior. Standard - Detailed statement of what must be done to comply with policy. Practice - Examples of actions that would comply with policy.
|