CIS4360 Chapter 14 Flashcards
IT Security
A process used to ensure and maintain appropriate levels of Confidentiality, Integrity and Availability of the resources within a System
Name Three Fundamental Questions IT Security strives to answer.
What assets do we need to protect?
How are those assets threatened?
What can we do to counter those threats?
List the steps used to address the three fundamental questions.
Determine security objectives and risk
Perform risk assessment
Select suitable controls, plans and procedures
List the Key National and International standards that govern IT Security
ISO/IEC (international, the ISO/IEC 27000 series) and NIST (US national, the SP 800 series)
List the four steps in the iterative security management process.
Plan, Do, Check, Act
Plan
Establish security policy, objectives, processes and procedures.
Perform risk assessment
Develop risk treatment plan
Do
Implement the risk treatment plan
Check
Monitor the risk treatment plan
Act
Maintain and improve the information security risk management process. Respond to incidents
List four approaches to identifying IT risks
Baseline Approach
Informal Approach
Detailed risk analysis
Combined Approach
What is the ISO 13335 recommended approach to identifying IT risks?
Combined Approach
What are the steps in detailed risk analysis?
Prepare for assessment
Identify threat sources
Identify vulnerabilities and predisposing conditions
Determine likelihood of occurrence
Determine magnitude of impact
Determine risk
Asset
A system resource of value to its owner that requires protection
Threat
A source with the potential to exploit a vulnerability in an asset and thereby compromise security
Vulnerability
A flaw or weakness in an asset or its management that could be exploited by a threat.