Security Mgt U3, BS7799 (Part 1)


IYM001 Mind Map on Security Mgt U3, BS7799 (Part 1), created by jjanesko on 06/04/2013.
Mind Map by jjanesko, updated more than 1 year ago
Created by jjanesko over 11 years ago

Resource summary

Security Mgt U3, BS7799 (Part 1)
  1. BS7799 (ISO 17799)
    1. originally published as a code of practice
      1. standards for information security management
        1. outlines risk analysis and management
          1. don't have to certify whole business
            1. foundations of BS7799 (image)


              • [Image:]
              1. why?
                1. develop best practice
                  1. helps realize security policy
                    1. value proposition
                      1. propmise of value to be deliverd and belief of customer in that value
                      2. introduce benchmark standards
                        1. builds business confidence
                          1. international standard
                            1. easy and flexible architecture
                              1. provide secuity
                                1. # of apps and complexity growing
                                  1. information theft
                                    1. motivations: COMIC
                                      1. Commercial
                                        1. someone gets commercial advantage by using or blocking our information
                                        2. Opportunist
                                          1. people happen upon bad security controls and suddenly have opportunity
                                          2. Monetary
                                            1. someone is paid to steal or attack
                                            2. Idealist
                                              1. hacktivist
                                              2. can-do
                                                1. they do it just because they can
                                            3. CIA
                                              1. confidentiality
                                                1. integrity
                                                  1. availability
                                                2. legislation
                                                  1. human rights act
                                                    1. computer misuse act
                                                      1. covers unauthorized
                                                        1. viewing
                                                          1. copying
                                                            1. modification
                                                          2. computer design and patent act
                                                            1. regulation of investagatory powers act
                                                              1. FAST: federation against software theft


                                                                1. Protect your IP (intellectual property)
                                                                  1. If you do not demonstrate that you had the appropriate controls in place, you will lose a case in court.
                                                            2. critical success factors
                                                              1. KPIs (key performance indicators)
                                                                1. policies, objectives, activities that reflect business objectives
                                                                  1. appropriate resources
                                                                    1. consistency with business culture
                                                                      1. visible commitment from management
                                                                        1. effective awareness, education and training
                                                                          1. distribution to all employees, partners and suppliers
                                                                          2. controls
                                                                            1. key controls
                                                                              1. info sec policy
                                                                                1. info sec education and training
                                                                                  1. security incident reporting
                                                                                    1. virus controls
                                                                                      1. business continuity planning (BCP)
                                                                                        1. software copying control
                                                                                          1. company record safegarding
                                                                                            1. data protection compliance
                                                                                              1. compliance with security policy
                                                                                              2. selection
                                                                                                1. identify business objectives
                                                                                                  1. identify business strategy
                                                                                                    1. identify controls relative to risk
                                                                                                      1. with risk, don't forget areas of inpact such as reputation and customer confidence
                                                                                                  Show full summary Hide full summary


                                                                                                  Security Mgt, ISO 27001, PDCA
                                                                                                  Exemplary Assignment Answers
                                                                                                  Security Mgt, Flashcards for ISO 27000 series
                                                                                                  Security Mgt U5, risk analysis and mgt (part 1)
                                                                                                  Security Mgt U8, Information Assurance
                                                                                                  Security Mgt U3, BS7799 (Part 2)
                                                                                                  Security Mgt U5, quantitative risk assessment forumula (image)
                                                                                                  Security Mgt U8, Incident Recovery Image
                                                                                                  Security Mgt U5, Risk Analysis Methods and Tools (image)
                                                                                                  Security Mgt U5, risk analysis & mgt (part 2)
                                                                                                  Security Mgt U10, Scope of Incident Response (chart)