Computer Security: Principles and Practice, 1/e



Yüklə 15,34 Kb.
səhifə1/6
tarix19.12.2023
ölçüsü15,34 Kb.
#186744
  1   2   3   4   5   6
ch14(1)

Computer Security: Principles and Practice

First Edition

by William Stallings and Lawrie Brown

Lecture slides by Lawrie Brown


Chapter 14 – IT Security Management and Risk Assessment

Overview

  • security requirements means asking
    • what assets do we need to protect?
    • how are those assets threatened?
    • what can we do to counter those threats?
  • IT security management answers these
    • determining security objectives and risk profile
    • perform security risk assessment of assets
    • select, implement, monitor controls

IT Security Management

  • IT Security Management: a process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity and reliability. IT security management functions include:
  •  organizational IT security objectives, strategies and policies

     determining organizational IT security requirements

     identifying and analyzing security threats to IT assets

     identifying and analyzing risks

     specifying appropriate safeguards

     monitoring the implementation and operation of safeguards

     developing and implement a security awareness program

     detecting and reacting to incidents

ISO 27000 Security Standards

IT Security Management Process

Plan - Do - Check – Act (Deming Cycle)


establish policy; define
objectives and processes
implement and operate
policy, controls, processes
assess and measure
and report results
take corrective and
preventative actions
(based on audits)

Organizational Context and Security Policy

  • first examine organization’s IT security:
  • maintained and updated regularly
    • using periodic security reviews
    • reflect changing technical/risk environments

Yüklə 15,34 Kb.

Dostları ilə paylaş:
  1   2   3   4   5   6




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©azkurs.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin