Information Security (BSP Circulars)

Get Started. It's Free
or sign up with your email address
Information Security (BSP Circulars) by Mind Map: Information Security (BSP Circulars)

1. 982

1.1. 2 Information security governance

1.1.1. 2.1 Security strategic plan

1.1.2. 2.2 Information security program

1.1.3. 2.3 Security culture

1.1.4. 2.4 Responsibility and accountability

1.1.5. 2.5 Resources

1.1.6. 2.6 Compliance with relevant laws and regulations and standards

1.2. 3 Information security program management

1.2.1. 3.1 Information security risk management system

1.2.1.1. 3.1.1 Risk management process

1.2.1.1.1. 3.1.1.1 Insurance

1.2.2. 3.2 Identification

1.2.2.1. 3.2.1 Business processes and functions

1.2.2.2. 3.2.2 Information assets and related access

1.2.2.3. 3.2.3 Threat and vulnerabilities

1.2.2.4. 3.2.4 Interconnections

1.2.2.5. 3.2.5 Security architecture

1.2.3. 3.3 Prevention

1.2.3.1. 3.3.1 Administrative controls

1.2.3.1.1. 3.3.1.1 Policies standards and procedures

1.2.3.1.2. 3.3.1.2 Security training and awareness programs

1.2.3.1.3. 3.3.1.3 Security screening in hiring practices

1.2.3.2. 3.3.2 Physical and environmental control

1.2.3.3. 3.3.3 Technical controls

1.2.3.3.1. 3.3.3.1 Technology design

1.2.3.3.2. 3.3.3.2 Identity and access management

1.2.3.3.3. 3.3.3.3 Network security

1.2.3.3.4. 3.3.3.4 Application security

1.2.3.3.5. 3.3.3.5 Data security

1.2.3.3.6. 3.3.3.6 Malware protection

1.2.3.3.7. 3.3.3.7 Encryption

1.2.3.3.8. 3.3.3.8 Integration with IT process

1.2.4. 3.4 Detection

1.2.4.1. 3.4.1 Log management

1.2.4.2. 3.4.2 Layered detection

1.2.5. 3.5 Response

1.2.5.1. 3.5.1 Incident response and procedures

1.2.5.2. 3.5.2 Incident management process

1.2.5.2.1. 3.5.2.1 Incident analysis and triage assessment

1.2.5.2.2. 3.5.2.2 Impact mitigation and containment

1.2.5.2.3. 3.5.2.3 Testing and continuous improvement

1.2.5.3. 3.5.3 Incident reponse teams

1.2.5.4. 3.5.4 Crisis communication and notification

1.2.5.5. 3.5.5 Forensic readiness

1.2.5.6. 3.5.6 Outsourcing

1.2.6. 3.6 Recovery

1.2.6.1. 3.6.1 Business continuity management

1.2.6.2. 3.6.2 Communication plan

1.2.6.3. 3.6.3 Cyber resilience

1.2.6.3.1. 3.6.3.1 Business impact analysis/ risk assessment

1.2.6.3.2. 3.6.3.2 Defensive strategies

1.2.6.3.3. 3.6.3.3 Recovery arrangements

1.2.7. 3.7 Assurance and testing

1.2.7.1. 3.7.1 Testing program

1.2.7.2. 3.7.2 Types of tests and evaluations

1.3. 4 Cyberthreat intelligence and collaboration

1.3.1. 4.1 Situational awareness and threat monitoring

1.3.1.1. 4.1.1 Security operations center

1.3.2. 4.2 Emerging technologies and innovation

1.3.3. 4.3 Information sharing and collaboration

1.3.4. 4.4 Continuous improvement

2. 808

2.1. 1. Information

2.1.1. 1.1 Information security

2.2. 2. Roles and responsibilities

2.2.1. 2.1 Board of directors and senior management

2.3. 3. Information security standards

2.3.1. 3.1 Information security risk assessment

2.3.2. 3.2 Security controls implementation

2.3.2.1. 3.2.1 Asset classification and control

2.3.2.2. 3.2.2 Physical and environmental protection

2.3.2.3. 3.2.3 Security administration and monitoring

2.3.2.4. 3.2.4 Authentication and access control

2.3.2.5. 3.2.6 Network security

2.3.2.6. 3.2.7 Remote access

2.3.2.7. 3.2.8 Encryption

2.3.2.8. 3.2.9 Malicious code prevention

2.3.2.9. 3.2.10 Personnel security

2.3.2.10. 3.2.11 System development, acquisition and maintenance

2.3.2.11. 3.2.12 Insurance

2.3.3. 3.3 System process monitoring and update

2.3.3.1. 3.3.1 Activity monitoring

2.3.3.2. 3.3.2 IS incident management

2.3.3.3. 3.3.3 Ongoing risk assessment

2.4. 4 Roles of IT audit and security specialist

2.4.1. 4.1 Audit and compliance reviews