1. Fundamental Principles of Security
1.1. AIC Triad
1.1.1. Availability
1.1.1.1. Ensures reliable and timely access to data and resources for authorized individuals.
1.1.2. Integrity
1.1.2.1. Upheld when assurance of the accuracy and reliability of information and systems is provided and unauthorized modification is prevented.
1.1.3. Confidentiality
1.1.3.1. Ensures that the necessary level of secrecy is enforced at each stage of data processing and prevents unauthorized disclosure.
2. Security Definitions
2.1. Vulnerability
2.1.1. Lack of a countermeasure, or a weakness in a countermeasure that is in place.
2.2. Threat
2.2.1. Any potential danger associated with the exploitation of a vulnerability.
2.3. Risk
2.3.1. The likelihood of a threat agent exploiting a vulnerability, and the corresponding business impact.
2.4. Exposure
2.4.1. An instance of being exposed to losses.
2.5. Control / Countermeasure
2.5.1. Put in place to reduce potential risk, for example:
2.5.1.1. 1. Strong password management
2.5.1.2. 2. Firewalls
2.5.1.3. 3. Encryption
3. Control Types
3.1. Put in place to reduce the potential risk an organization faces.
3.1.1. Administrative
3.1.1.1. Referred to as "soft controls" because they are more
3.1.1.1.1. 1. Security documentation
3.1.1.1.2. 2. Risk management
3.1.1.1.3. 3. Personnel security
3.1.1.1.4. 4. Training
3.1.2. Technical
3.1.2.1. Software and hardware components, such as:
3.1.2.1.1. 1. Firewalls
3.1.2.1.2. 2. IDS
3.1.2.1.3. 3. Encryption
3.1.2.1.4. 4. Identification and authentication mechanisms
3.1.3. Physical
3.1.3.1. Items put in place to protect the facility, personnel, and resources, such as:
3.1.3.1.1. 1. Security guards
3.1.3.1.2. 2. Locks
3.1.3.1.3. 3. Fencing
3.1.3.1.4. 4. Lighting
3.2. Control Functionalities
3.2.1. 1. Deterrent
3.2.1.1. Intended to discourage a potential attacker.
3.2.2. 2. Preventive
3.2.2.1. Intended to prevent an incident from occurring.
3.2.3. 3. Corrective
3.2.3.1. Fixes components or systems after an incident has occurred.
3.2.4. 4. Recovery
3.2.4.1. Intended to bring the environment back to regular operations.
3.2.5. 5. Detective
3.2.5.1. Helps identify an incident's activities and, potentially, the intruder.
3.2.6. 6. Compensating
3.2.6.1. Provides an alternative measure of control when the primary control cannot be implemented.