CISSP Week 2
The 4 Steps In Risk Analysis
1. Risk Identification • Determine risks, identify hazards, • Who or what can be harmed and how?
2. Risk Assessment
3. Implement policies and controls
4. Monitor systems and practices involved 5. Promote awareness
Stage 1 of the 4 stages of a Security Plan Life Cycle(Plan and Organize)
Plan & Organize
•Establish management commitment
•Establish oversight committees
•Management steering & oversight
Assess business drivers / goals
•Create a threat profile for the organization
•Conduct a risk assessment
• Develop security architecture at an organizational,application, network and component level
•Identify solutions per architecture level
•Obtain management approval to move forward
Stage 2 of the 4 Stages of the Securuty Plan life. cycle (Implement)
Implement
•Assign roles & responsibilities
•Develop and implement security policies, procedures, standards, baselines & guidelines
•Identify sensitive data (at rest and in transit) •Implement safeguards/programs
•Implement solutions (per program)
•Develop auditing and monitoring solutions per program (for compliance purposes)
•Change control procedures •Incident response
•Establish goals and metrics per program
Srage 3 of the 4 Stages Security Plan (Operate and Maintain)
Operate & Maintain
•Follow procedures to ensure that all baselines are met in each implemented program
•Carry out internal and external audits
•Carry out tasks outlined per program
• Manage service level agreements per program
Stage 4 of 4 Stages of Security Plan (Monitor and Evaluate)
Monitor & Evaluate
•Review logs, audit results, and SLAs per program
•Assess goal accomplishments per program
•Quarterly Steering Committee meetings
•Recommend changes for improvement
Roles of the Security Administrator
Assist data owners in determining what type of access an employee should have
•Security administration ensures access control is implemented and monitored
•Data owner is often the senior executive or head of department
•Held responsible for data protection and assigning security classifications
•Can be found negligent if not following due care
3 Types of Securiy Controls(Administrative, Technical, Physical
Administrative Controls :
•Developing and publishing of policies, standards, procedures and guidelines •Risk management
•Screening of personnel
•Security awareness training
•Implementing change control procedures
Technical Controls (Logical Controls):
•Primarily for automated or electronic systems
•Configuration of security device & infrastructure
•Implement and maintain access control mechanisms •Password and resource management
•Identification and authentication methods
•Security devices & infrastructure
3. Physical Controls:
•Tangible mechanism (ex. A fence, a lock, a door)
•Controlling individual access into the facility and different departments
•Locking systems and removing unnecessary drives •
Floppy/CD-Rom, USB
•Protecting the perimeter of the facility
• Monitor for intrusion •Environmental controls
explain Security Through Obscurity
Improper understanding of risks can lead to bad security practices
Security Through Obscurity
•This leads to simple and sloppy mistakes and false sense of security
•Lack of understanding typically leads to believing your opponent (attacker) is less intelligent that you
•Relying on security through confusion or obscurity
Example: Leaving a spare house key in your mailbox
Example: Change web server default port to 8080 •
Example: Rename directory •
Security Through Obscurity
Can be used as a layer of security, but not a •.strategy!
The Three areas of Security Planning
Operational •Short term goals
Tactical •Mid term goals
Strategic •Long term goals
6 principles of CObit security FrameWork
CobiT was derived from COSO framework developed by the Committee of Sponsoring Organizations in 1985 to deal with fraudulent financial reporting •Released in 1996, there is now a CobIT 2019
•CObIT presents six principles for a governance system:
1. Meet stakeholder needs,
2. Holistic approach,
3. Dynamic governance system,
4. Distinct governance from management,
5. Tailored to enterprise needs,
6. End-to-end governance system
The 5Ares of the COSO. Security Framework
There are 5 COSO Areas • The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
1. Control Environment
•Management philosophy & operating style
•Company culture toward fraud and ethics
2. Risk Assessment
•Establish risk level
•Manage change
3. Control Activities
•Policies, procedures & practices to mitigate risk
4. Information and Communication
•Organizational structure to ensure information is provided to the right levels of management
5. Monitoring
•Detect and respond to control deficiencies
COSO vs CObit
CobiT is model for IT (Information Technology) governance
•COSO model for corporate governance
•COSO deals more with strategic level
•CobiT deals more with operational level
•CobiT & COSO identify what achieve is to be achieved not how to it
| Cuestionario |
|---|
| social studys |
| blood and lymphatics of head and neck |
| fundamentos e teoria organizacional UNIDADE 1 |
| skull |
| división de la economia |
| pares craneales |
| biomed - innervation of head and neck |
| 2 Do Parcial |
| vjezbe |
| WC ISLAM Test |
| pedagogisk ledarskap |
| Gaby |
| restoration FINAL DATES |
| Embalsamamiento - copia |
| orações subordinadas substantivas subjetiva |
| orações subordinadas |
| migration FULL DATES |
| bio 20 |
| Lectures 2, 3, 4 |
| Present Perfect |
| Japanska |
| Cuisine: cooking & discussing dishes |
| Korea |
| Anglais voc |
| LEXICON |
| corroto |
| Embalsamamiento |
| Civil |
| Conectors |
| Biologi 2: Nervsystemet |
| rights and responsibilities |
| Ripasso manuale storia medievale |
| Rights and responsibilites citizenship gcse |
| chapitre 6 |
| Autores y obras griego |
| U.7 |
| U.6 |
| U.4 and U.5 |
| U.3 |
| Abbreviations |
| Biologia 1 |
| Fisica 1 |
| Danny |
| tnpsc unit 8 |
| social development: parenting and families |
| manual de operaciones de guerra irregular |
| 1987 Philippine Constitution |
| tema 2 recursos humanos |
| U.2 |
| 2.Biologie 11/2 Dissimilation - Kopie |
| atypical gender devlopment |
| sintaxis |
| 2.Biologie 11/2 Dissimilation Julian |
| synonyms and antonyms |
| Canadian Confederation |
| chapitre 5 |
| Concepto de energía y ley de conservación de la energía |
| Métodos de separación de mezclas |
| Sustancias puras y mezclas homo y hetero |
| Estados de agregación (sólido, líquido y gaseoso)y cambio de estado |
| Ley de conservación de la masa |
| Fenómenos físicos y químicos (materia) |
| ENV 101 |
| codigo de justicia militar |
| UPPLYSNINGEN |
| ÅRTAL FRANSKA REVOLUTIONEN |
| FRANSKA REVOLUTIONEN 2 |
| Tema 1 recursos humNos |
| Dutch |
| MIX 3 (400 PAGS) |
| LAB QUIZ 7 |
| introduction to guidance |
| gr 4 eng |
| Eng fal gr 4 |
| pizze |
| engelska 3 |
| lo |
| Expressões em ingles |
| slt explanations for gender |
| Business |
| Business |
| Interior design: planning, décor and repairs |
| MIX 2 (400 PAGS) |
| FRANSKA REVOLUTIONEN |
| Science review |
| Science |
| Social |
| acides et bases forts faibles |
| bränsle |
| bränsle och utsläpp från bilar |
| tolc |
| psychological treatment for schiz |
| Aminoácidos y sus estructuras |
| root/combing vowel |
| avvikande prov |
| Gaser |
| Diagnóstico, monitoramento e reporte da sustentabilidade corporativa |
| alfabetização e letramento |
| A TEST- Urinary system- molecules |
| 02- come si chiama? |
| Přímačky FZS |
| BIO 2102 EXAM 4 |
| PROF PRAC |
| anatomy |
| Gov't Final (Part I) |
| TYPES OF SPORTS |
| Paes historia- Parte dos |
| 01- come sta? |
| Vegetariers |
| cell division |
| Meteorologia |
| PARTE 2 |
| ABBREVAITION |
| PRUEBA CIVIL |
| musculo-squelettique - copie |
| vocabulario 8 |
| vocabulario 7 |
| Indicatif: Futur Simple |
| Indicatif: Passé Composé |
| Indicatif: Présent |
| Examen 2 |
| consonantal,ditongo, |
| morfologia e sintaxe |
| regência verbal |
| Personalidad S13 |
| historia |
| Motivación y emoción s14 |
| anatomía y fisiología |
| Evolución |
| Leyes de Mendel |
| ADN |
| Características de los seres vivos |
| Metabolismo celular |
| Reproducción |
| Ciclo celular |
| Transporte de membrana |
| Transporte celular |
| Teoría de la evolución |
| Bio elementos |
| Teorias de la biología |
| Ácidos Nucleicos |
| Ramas de la biología |
| french |
| chimie ♡ |
| vocabulario 3.5 |
| Distintivo M |
| Distintivo M |
| Duits schritt 24 (3vwo) |
| systeme musculosquelettique |
| Alexis |
| KSI - youtuber |
| kap 22 |
| Chapitre 4 |
| IZS/MKS |
| Chapter 6 |
| A TEST- Urinary system - Angiotensin system |
| Ak🐷 |
| Muskler |
| hrvatski |
| Chapter 6 convos |
| Partie du corps |
| arabiska (irakiska) |
| human resources |
| Skelettet |
| sociologia della comunicazione |
| Blues, jazz, country |
| BINGO words |
| Farmacia |
| Celulas |
| geo |
| Science test |
| Intención comunicativa del texto periodístico y de opinión |
| Inferencia de ideas en el texto periodístico y de opinión |
| Interpretación de ideas (texto periodístico y de opinión) |
| Interpretación de ideas (texyo periodístico y de opinión) |
| tercer parcial |
| Clasificación de los textos periodísticos |
| Tipología textual (en la totalidad o en fragmentos del texto periodístico/opinió |
| Jerarquización de ideas en el texto periodístico y dé opinión |
| Noticia (qué, quién, cómo, cuándo, dónde y por qué? |
| Figuras retóricas(metáfora, símil, hipérbole, personificación, paradoja |
| Intención comunicativa del texto narrativo y poético |
| Inferencias de ideas (texto narrativo y poético) |
| Interpretación de ideas (texto narrativo y poético) |
| Textos narrativos: novela, cuento, leyenda, mito, fábula y epopeya |
| Jerarquización de ideas en el texto poético y narrativo |
| Texto narrativo: narrador, tipo de personajes, espacio, tiempo y acción |
| Estructura textual del texto narrativo y poético |
| Anatomia |
| Intención comunicativa (texto expositivo y argumentativo) |
| Inferencia de ideas(texyo expositivo y argumentativo) |
| Interpretación de ideas (texto argumentativo y expositivo) |
| Jerarquización de ideas (texto argumentativo y expositivo) |
| Organizador textual(tipo de relaciones para exponer información y argumentación) |
| Estructura textual(partes del texto expositivo y argumentativo) |
| Participación ciudadana en el entorno mexicano, político y social |
| Apertura democrática y princiales artículos constitucionales del estado mexicano |
| Estructura del Estado mexicano |
| Derechos humanos y la participación de las organizaciones sociales en México |
| Impacto en la sociedad de las principales organizaciones y partidos políticos |
| Química |
| Ventajas y desventajas de la globalización |
| El proceso de globalización |
| Características de las globalización |
| Funcionamiento de los sectores económicos y sociales en México |
| Factores de la producción y elementos del flujo circular de una economía abierta |
| Impacto de los modelos económicos implementados en México |
| Características de los modelos económicos de México de 1940 hasta ahora |
| Modelos economicos (en México) |
| Variables económicas (entorno socioeconómico de México) |
| Categorías económicas, crecimiento, desarrollo y su desarrollo (México) |
| Guerra fría |
| Organismos internacionales (entorno socioeconómico de México) |
| Tratados inetarnacionales (entorno socioeconómico de México) |
| Nuevo orden geopolítico (reordenación geopolítica y económica de la posguerra)) |
| whf quiz #57-64 |
| Segunda Guerra mundial |
| Crisis de 1929 en México |
| Ciclo económico capitalista de México |
| Características de los modos de producción (evolución social en Méx) |
| Elementos de la estructura y superestructura de los modelos de producción México |
| Globalización y nuevo orden económico (neoliberalismo en México) |
| Modelo liberal en México y sus repercusiones |
| Neoliberalismo en México |
| Características del neoliberalismo en México |
| Movimientos sociales y sus repercusiones (estado benefactor y su crisis) |
| Organizaciones políticas y sociales (estado benefactor y su crisis) |
| Gobiernos de la crisis (estado benefactor y su crisis) |
| Contexto mundial (Estado benefector y su crisis) |
| Milagro mexicano |
| Proceso de institucionalización del Estado (historia de México contemporáneo) |
| Revolución Mexicana |
| profisões / Jobs and Occupations |
| Crisis del porfiriato |
| Porfiriato |
| Imperialismo (historia de México contemporáneo) |
| La reforma y consolidación del liberalismo en México (historia de México contemporáneo) |
| Proyectos liberal y conservador (historia de México contemporáneo) |
| Proceso de independencia (historia de México contemporáneo) |
| Estructuras coloniales (historia de México contemporáneo) |
| Proceso de conquista (historia de México contemporáneo) |
| Proceso de conquista (historia de México contemporáneo) |
| Europa de los siglos xv y xvi (historia de México contemporáneo) |
| Culturas mesoamericanas |
| Corrientes de interpretación histórica (historia de México contemporáneo) |
| vigilância sanitária legislação e normas |
| Informatica |
| vistoria administrativa vigilância sanitária |
| noções de saúde pública, epidemiologia e saneamento |
| Conceptualización de la historia de México contemporáneo |
| legislação específica das áreas de vigilância sanitária |
| qualidade da água, noções de tratamento de água e abastecimento |
| doença transmitidas por alimentos, exemplos, e definições |
| meio de transportes / means of travels |
| jmherrera 2 |
| advérbio |
| contaminação cruzada |
| Boas práticas de fabricação |
| normas da vigilância sanitária |
| Déviance |
| salario |
| Presentation 14 |
| early devlelopment in the contect of caregiver-child relationship |
| conceptos basicos |
