
by Jamal Brown, 9 years ago


Chapter 2: Personnel & Risk Management

Ensuring the security of an organization involves comprehensive training and education to raise awareness among personnel. Effective security governance is paramount, encompassing third-party governance and thorough documentation review.

Establish Security Training

Overview

Education
Training
Awareness

Apply Risk Management Concepts

Risk Framework
Monitor
Authorize
Assess
Implement
Select
Categorize
Continuous Improvement
Tangible and intangible assets, which lead to asset valuation
Monitoring & Measurement
Implementation
Defense in Depth

Types of Controls

Directive

Recovery

Corrective

Compensating

Detective

Preventive

Deterrent

Physical

Administrative

Technical

Countermeasure Selection and Assessment
Provide Fail Safe and/or Fail Secure Options
Overrides to Privileged Users Only
Tamperproof
Risk Assignment/Acceptance
Understand Control Gap
Rejection
Acceptance
Assignment
Mitigation
Risk Assessment/Analysis
Qualitative
Quantitative Risk

Calc Safeguard Cost/Benefit

Calc Safeguard Costs

Calc ALE w/ Safeguard

Annualized Loss Expectancy

Annualized Rate of Return

Single Loss Expectancy

Exposure Factor
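The quantitative chain above (Exposure Factor, Single Loss Expectancy, Annualized Loss Expectancy, ALE with safeguard, safeguard costs, cost/benefit) is a calculation, so here it is carried through as a worked example. This code is added here and is not part of the original mind map. It uses the standard formulas SLE = AV x EF, ALE = SLE x ARO and safeguard value = ALE(before) - ALE(after) - annual safeguard cost; the node labelled "Annualized Rate of Return" in this chain corresponds to the ARO term, the Annualized Rate of Occurrence. All asset values, factors, rates and costs in the sample scenario (a malware outbreak against a database server, matching the "Viruses" threat listed on this page) are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class RiskScenario:
    """One threat/asset pairing, before or after a safeguard is applied."""
    asset_value: float      # AV: tangible + intangible valuation of the asset
    exposure_factor: float  # EF: fraction of AV lost in one realized threat event (0..1)
    annual_rate: float      # ARO: expected number of occurrences per year

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        if self.asset_value < 0 or self.annual_rate < 0:
            raise ValueError("asset value and ARO must be non-negative")


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV x EF: expected loss from a single occurrence."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle, aro):
    """ALE = SLE x ARO: expected loss per year from this threat."""
    return sle * aro


def scenario_ale(scenario):
    """Convenience wrapper: ALE straight from a RiskScenario."""
    sle = single_loss_expectancy(scenario.asset_value, scenario.exposure_factor)
    return annualized_loss_expectancy(sle, scenario.annual_rate)


def annual_safeguard_cost(purchase_price, lifetime_years, annual_operating_cost):
    """ACS: purchase price amortized over its useful life plus yearly running cost."""
    if lifetime_years <= 0:
        raise ValueError("lifetime must be at least one year")
    return purchase_price / lifetime_years + annual_operating_cost


def safeguard_cost_benefit(ale_before, ale_after, acs):
    """Value of the safeguard = ALE before - ALE after - annual safeguard cost."""
    return ale_before - ale_after - acs


def evaluate_safeguard(before, after, purchase_price, lifetime_years, annual_operating_cost):
    """Run the whole chain and return every intermediate figure plus a decision."""
    ale_before = scenario_ale(before)
    ale_after = scenario_ale(after)
    acs = annual_safeguard_cost(purchase_price, lifetime_years, annual_operating_cost)
    net = safeguard_cost_benefit(ale_before, ale_after, acs)
    return {
        "sle_before": single_loss_expectancy(before.asset_value, before.exposure_factor),
        "ale_before": ale_before,
        "ale_after": ale_after,
        "annual_safeguard_cost": acs,
        "net_value": net,
        # A safeguard is only cost-justified when it saves more than it costs.
        "decision": "mitigate (adopt safeguard)" if net > 0 else "reject safeguard",
    }


# Constructed sample: database server worth $200,000; a malware outbreak
# destroys 25% of its value and is expected twice a year.
BASELINE = RiskScenario(asset_value=200_000, exposure_factor=0.25, annual_rate=2.0)

# Same asset after tested backups plus endpoint protection (hypothetical
# safeguard): a single event now costs 5% and is expected once a year.
WITH_SAFEGUARD = RiskScenario(asset_value=200_000, exposure_factor=0.05, annual_rate=1.0)


if __name__ == "__main__":
    # $60,000 purchase over 3 years plus $10,000/year to operate -> ACS $30,000
    result = evaluate_safeguard(BASELINE, WITH_SAFEGUARD, 60_000, 3, 10_000)
    for key, value in result.items():
        print(f"{key:>22}: {value}")
    # A pricier option ($95,000/year to run) for the same risk reduction is rejected.
    print(evaluate_safeguard(BASELINE, WITH_SAFEGUARD, 60_000, 3, 95_000)["decision"])
```

Running the block prints SLE $50,000, ALE $100,000 before and $10,000 after, an annual safeguard cost of $30,000 and a net value of $60,000 per year, so the safeguard is adopted; the second call shows the same control being rejected once its yearly cost exceeds the loss it prevents. The dictionary keeps every intermediate figure because in practice the assessor has to show the gap between baseline and residual ALE, not just the final decision.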

Identify Threats and Vulnerabilities
Disgruntled Employees
User Errors
Viruses
Risk Terminology
Breach
Attack
Safeguard
Risk
Exposure
Vulnerability
Threats
Asset Valuation
Asset

Security Governance

Documentation Review
ATO/TATO
3rd Party Governance
Definition

Personnel Security Policies

Employment Items
Vendors & Consultants

Policy

SOX

HIPAA

Compliance

SLAs

Termination
Agreements/Policies
Screening
Concepts
Job Rotation

Peer Auditing & Collusion

Job Responsibilities

Least Privilege

Separation of Duties

Collusion

Job Description First