MAS Flashcards
4 areas of risk management framework
risk identification, risk assessment, risk treatment, risk monitoring & reporting
2 areas for outsourcing
due diligence, cloud computing
4 areas for development of systems
project management, security requirement & testing, source code review, end user development (business user developing their own systems)
5 areas for service management
change management, program migration, incident management, problem management, capacity management
4 areas for system availability
system availability, disaster recovery plan, disaster recovery testing, data backup management
Infrastructure security management
data loss prevention, technology refresh management, network & security configuration management, vulnerability assessment & penetration testing, patch management, security monitoring
2 areas for access control
user access management, privileged access management
2 areas for IT Audit
audit planning, remediation tracking
3 areas for Data Center Protection & Control
threat & vulnerability risk assessment, physical security, data center resiliency
Areas under Requirement & Testing
system access control, authentication, transaction authorization, data integrity, system activity logging, audit trail, security event tracking, exception handling
Areas to cover during System Security Testing & Source code review
information leakage, resiliency against input manipulation, unsafe programming practices, deviation from design specifications, encryption function, exception handling, business logic, authorization, logging
Cloud Computing
a service & delivery model for enabling on-demand network resource access to a shared pool of configurable computing resources (servers, storage or services)