Establish Security Training
Overview
Education
Training
Awareness
Chapter 2: Personnel & Risk Management
Apply Risk Management Concepts
Risk Framework
Categorize
Select
Implement
Assess
Authorize
Monitor
Continuous Improvement
Tangible and intangible assets, which feed asset valuation
Monitoring & Measurement
Implementation
Defense in Depth
Types of Controls
Directive
Recovery
Corrective
Compensating
Detective
Preventive
Deterrent
Physical
Administrative
Technical
Countermeasure Selection and Assessment
Provide fail-safe and/or fail-secure options
Overrides to privileged users only
Tamperproof
Risk Assignment/Acceptance
Understand control gap
Rejection
Acceptance
Assignment
Mitigation
Risk Assessment/Analysis
Qualitative
Quantitative Risk
Exposure Factor (EF)
Single Loss Expectancy (SLE = AV x EF)
Annualized Rate of Occurrence (ARO)
Annualized Loss Expectancy (ALE = SLE x ARO)
Calc ALE w/ Safeguard
Calc Safeguard Costs
Calc Safeguard Cost/Benefit (ALE before - ALE after - annual safeguard cost)
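Worked example of the quantitative steps listed above, added here and not part of the original study-guide outline. It applies the standard formulas SLE = AV x EF, ALE = SLE x ARO and safeguard value = ALE(before) - ALE(after) - annual safeguard cost, and carries them through for a control that pays for itself and one that does not. The asset value, exposure factors, rate of occurrence and control costs are constructed numbers, and the function and control names are assumptions of this example.

```python
from dataclasses import dataclass


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: the loss from a single occurrence of the threat.

    EF is the fraction (0.0 to 1.0) of the asset's value lost in one event.
    """
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    if asset_value < 0:
        raise ValueError("asset value cannot be negative")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: expected loss per year.

    ARO is the expected number of occurrences per year; an event expected
    once every ten years has ARO 0.1.
    """
    if aro < 0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return sle * aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Safeguard cost/benefit = ALE(before) - ALE(after) - ACS.

    Positive means the control removes more annual loss than it costs.
    """
    return ale_before - ale_after - annual_cost


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float            # annualized cost of the safeguard (ACS)
    exposure_factor_after: float  # EF once the safeguard is in place
    aro_after: float              # ARO once the safeguard is in place


def evaluate_safeguard(asset_value: float, exposure_factor: float, aro: float,
                       safeguard: Safeguard) -> dict:
    """Run the full chain (EF -> SLE -> ARO -> ALE) with and without a safeguard."""
    sle_before = single_loss_expectancy(asset_value, exposure_factor)
    ale_before = annualized_loss_expectancy(sle_before, aro)
    sle_after = single_loss_expectancy(asset_value, safeguard.exposure_factor_after)
    ale_after = annualized_loss_expectancy(sle_after, safeguard.aro_after)
    value = safeguard_value(ale_before, ale_after, safeguard.annual_cost)
    return {
        "safeguard": safeguard.name,
        "sle_before": sle_before,
        "ale_before": ale_before,
        "ale_after": ale_after,
        "annual_cost": safeguard.annual_cost,
        "value": value,
        # A negative value means the control costs more than the risk it removes:
        # mitigation is not justified, so accept or assign (insure) the risk
        # or look for a cheaper control instead.
        "recommend": value > 0,
    }


# Constructed scenario (not from any real assessment): a file server valued at
# $1,000,000 where a ransomware event is expected to destroy 25% of its value
# (EF 0.25) roughly once every ten years (ARO 0.1).
ASSET_VALUE = 1_000_000.0
EXPOSURE_FACTOR = 0.25
ARO = 0.1

# Two candidate controls with constructed costs and effects (hypothetical names).
OFFSITE_BACKUPS = Safeguard("offsite backups", annual_cost=8_000.0,
                            exposure_factor_after=0.05, aro_after=0.1)
HOT_SITE = Safeguard("hot site with zero data loss", annual_cost=30_000.0,
                     exposure_factor_after=0.0, aro_after=0.1)


if __name__ == "__main__":
    for control in (OFFSITE_BACKUPS, HOT_SITE):
        r = evaluate_safeguard(ASSET_VALUE, EXPOSURE_FACTOR, ARO, control)
        print(f"{r['safeguard']}: ALE {r['ale_before']:,.0f} -> {r['ale_after']:,.0f}, "
              f"cost {r['annual_cost']:,.0f}, value {r['value']:,.0f}, "
              f"{'implement' if r['recommend'] else 'do not implement'}")
```

With these inputs the offsite backups cut ALE from 25,000 to 5,000 for 8,000 a year (value 12,000, implement), while the hot site removes the whole 25,000 ALE but costs 30,000 (value -5,000, not justified on these numbers). The exposure-factor and ARO range checks catch the most common data-entry mistakes in this calculation: an EF entered as a percentage (25 instead of 0.25) inflates every downstream figure by a factor of 100.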
Identify Threats and Vulnerabilities
Disgruntled Employees
User Errors
Viruses
Risk Terminology
Asset
Asset Valuation
Threats
Vulnerability
Exposure
Risk
Safeguard
Attack
Breach
Security Governance
Documentation Review
ATO/TATO
3rd Party Governance
Definition
Personnel Security Policies
Employment Items
Vendors & Consultants
Policy
SOX
HIPAA
Compliance
SLAs
Termination
Agreement/Policies
Screening
Concepts
Job Rotation
Peer Auditing & Collusion
Job Responsibilities
Least Privilege
Separation of Duties
Collusion
Job Description First