SlideShare uma empresa Scribd logo

Chapter004

Transferir como PPT, PDF
J
Jeanie Delos Arcos

Information Assurance for the Enterprise

1 de 37
Chapter 4 Building and Documenting an Information Assurance Framework
Objectives ,[object Object],[object Object],[object Object],[object Object]
Control Process ,[object Object],[object Object],[object Object]
Difference Between Policy and Procedure ,[object Object],[object Object],[object Object]
Procedure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Infrastructure ,[object Object],[object Object],[object Object],[object Object],[object Object]
Five Pillars of Assurance ,[object Object],[object Object],[object Object],[object Object],[object Object]
Instituting a Sustainable Security Operation ,[object Object],[object Object],[object Object]
Role of Policy in Creating an Infrastructure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Role of Policy in Creating an Infrastructure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Ensuring a Disciplined Process: Establishing the Culture ,[object Object],[object Object],[object Object],[object Object],[object Object]
Ensuring a Disciplined Process: Establishing the Culture ,[object Object]
Ensuring a Disciplined Process: Establishing the Culture ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Developing An Information Assurance Infrastructure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Developing An Information Assurance Infrastructure ,[object Object]
Ensuring Common Understanding: Metrics and Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Ensuring Common Understanding: Metrics and Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Accommodating Human Factors in the Infrastructure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Documentation: Conveying the Form of the Infrastructure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Information Assurance Manual ,[object Object],[object Object],[object Object]
Information Assurance Manual ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Ensuring Sustainability: Documentation Set ,[object Object],[object Object],[object Object],[object Object],[object Object]
Implementation: Achieving the Right Level of Detail ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Implementation: Achieving the Right Level of Detail ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Walking the Talk – the Role of Detailed Work Practices ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Tailoring a Concrete Information Assurance System ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Tailoring a Concrete Information Assurance System ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Tailoring a Concrete Information Assurance System ,[object Object],[object Object],[object Object],[object Object],[object Object]
Tailoring a Concrete Information Assurance System ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Tailoring a Concrete Information Assurance System ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Types of Controls ,[object Object]
Types of Controls ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Types of Controls ,[object Object],[object Object],[object Object],[object Object],[object Object]
Management Controls ,[object Object],[object Object],[object Object],[object Object]
Development and Implementation Process Controls ,[object Object],[object Object],[object Object],[object Object]
Operational Controls ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Technical Controls ,[object Object],[object Object],[object Object],[object Object],[object Object]

Recomendados

Chapter003
Chapter003Chapter003
Chapter003Jeanie Delos Arcos
 
Implementing security
Implementing securityImplementing security
Implementing securityDhani Ahmad
 
Fix nix, inc
Fix nix, incFix nix, inc
Fix nix, incFixNix Inc.,
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and ControlAsad Raza
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Tips for Compliance with Safety and Environmental Regulations
Tips for Compliance with Safety and Environmental RegulationsTips for Compliance with Safety and Environmental Regulations
Tips for Compliance with Safety and Environmental RegulationsMedgate Inc.
 
How to write an IT security policy guide - Tareq Hanaysha
How to write an IT security policy guide - Tareq HanayshaHow to write an IT security policy guide - Tareq Hanaysha
How to write an IT security policy guide - Tareq HanayshaHanaysha
 
Simplifying IT GRC
Simplifying IT GRCSimplifying IT GRC
Simplifying IT GRCanand choudhary
 

Recomendados

Chapter003
Chapter003Chapter003
Chapter003Jeanie Delos Arcos
 
Implementing security
Implementing securityImplementing security
Implementing securityDhani Ahmad
 
Fix nix, inc
Fix nix, incFix nix, inc
Fix nix, incFixNix Inc.,
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and ControlAsad Raza
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Tips for Compliance with Safety and Environmental Regulations
Tips for Compliance with Safety and Environmental RegulationsTips for Compliance with Safety and Environmental Regulations
Tips for Compliance with Safety and Environmental RegulationsMedgate Inc.
 
How to write an IT security policy guide - Tareq Hanaysha
How to write an IT security policy guide - Tareq HanayshaHow to write an IT security policy guide - Tareq Hanaysha
How to write an IT security policy guide - Tareq HanayshaHanaysha
 
Simplifying IT GRC
Simplifying IT GRCSimplifying IT GRC
Simplifying IT GRCanand choudhary
 
Chap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseChap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseDesmond Devendran
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Sharing Slides Training
 
Ch2 2009 cisa
Ch2 2009 cisaCh2 2009 cisa
Ch2 2009 cisaasrulsani09
 
CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016Hafiz Sheikh Adnan Ahmed
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainInfosecTrain
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guidemfmurat
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Donald E. Hester
 
Ebsl Technologies It Operations Internal Presentation
Ebsl Technologies It Operations Internal PresentationEbsl Technologies It Operations Internal Presentation
Ebsl Technologies It Operations Internal PresentationPublicly traded global multi-billion services company
 
it grc
it grc it grc
it grc 9535814851
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsSharing Slides Training
 
Raam risk analysis assessment and management
Raam risk analysis assessment and managementRaam risk analysis assessment and management
Raam risk analysis assessment and managementTerry Penney
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 3: Roles
Understanding the Risk Management Framework & (ISC)2 CAP Module 3: RolesUnderstanding the Risk Management Framework & (ISC)2 CAP Module 3: Roles
Understanding the Risk Management Framework & (ISC)2 CAP Module 3: RolesDonald E. Hester
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisSharing Slides Training
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionUnderstanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionDonald E. Hester
 
Data governance guide
Data governance guideData governance guide
Data governance guideAstalapulosListestos
 
CISA Domain 1 - IS Auditing (day 1)
CISA Domain 1 - IS Auditing (day 1)CISA Domain 1 - IS Auditing (day 1)
CISA Domain 1 - IS Auditing (day 1)Cyril Soeri
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseDesmond Devendran
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationNetwork Intelligence India
 
Cobit5
Cobit5Cobit5
Cobit5ISACA-Istanbul
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and ComplianceQuadrisk
 

Mais conteúdo relacionado

Mais procurados

Chap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseChap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseDesmond Devendran
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Sharing Slides Training
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainInfosecTrain
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guidemfmurat
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Donald E. Hester
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsSharing Slides Training
 
Raam risk analysis assessment and management
Raam risk analysis assessment and managementRaam risk analysis assessment and management
Raam risk analysis assessment and managementTerry Penney
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 3: Roles
Understanding the Risk Management Framework & (ISC)2 CAP Module 3: RolesUnderstanding the Risk Management Framework & (ISC)2 CAP Module 3: Roles
Understanding the Risk Management Framework & (ISC)2 CAP Module 3: RolesDonald E. Hester
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisSharing Slides Training
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionUnderstanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionDonald E. Hester
 
CISA Domain 1 - IS Auditing (day 1)
CISA Domain 1 - IS Auditing (day 1)CISA Domain 1 - IS Auditing (day 1)
CISA Domain 1 - IS Auditing (day 1)Cyril Soeri
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseDesmond Devendran
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationNetwork Intelligence India
 

Mais procurados (20)

Chap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseChap2 2007 Cisa Review Course
Chap2 2007 Cisa Review Course
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ch2 2009 cisa
Ch2 2009 cisaCh2 2009 cisa
Ch2 2009 cisa
 
CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrain
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guide
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...
 
Ebsl Technologies It Operations Internal Presentation
Ebsl Technologies It Operations Internal PresentationEbsl Technologies It Operations Internal Presentation
Ebsl Technologies It Operations Internal Presentation
 
it grc
it grc it grc
it grc
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 
Raam risk analysis assessment and management
Raam risk analysis assessment and managementRaam risk analysis assessment and management
Raam risk analysis assessment and management
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 3: Roles
Understanding the Risk Management Framework & (ISC)2 CAP Module 3: RolesUnderstanding the Risk Management Framework & (ISC)2 CAP Module 3: Roles
Understanding the Risk Management Framework & (ISC)2 CAP Module 3: Roles
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionUnderstanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction
 
Data governance guide
Data governance guideData governance guide
Data governance guide
 
CISA Domain 1 - IS Auditing (day 1)
CISA Domain 1 - IS Auditing (day 1)CISA Domain 1 - IS Auditing (day 1)
CISA Domain 1 - IS Auditing (day 1)
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review Course
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics Implementation
 

Destaque

Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and ComplianceQuadrisk
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Brian K. Dickard
 
Establishing an Audit Framework
Establishing an Audit FrameworkEstablishing an Audit Framework
Establishing an Audit FrameworkAnnie Cushing
 
Internal Audit Plan 2015
Internal Audit Plan 2015Internal Audit Plan 2015
Internal Audit Plan 2015Mohammad Kashif
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO FrameworkJesús Gándara
 
04 a iso 9001 2015 checklist
04 a iso 9001 2015 checklist04 a iso 9001 2015 checklist
04 a iso 9001 2015 checklistSon Pham
 

Destaque (9)

Cobit5
Cobit5Cobit5
Cobit5
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and Compliance
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)
 
Establishing an Audit Framework
Establishing an Audit FrameworkEstablishing an Audit Framework
Establishing an Audit Framework
 
Internal Audit Plan 2015
Internal Audit Plan 2015Internal Audit Plan 2015
Internal Audit Plan 2015
 
CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO Framework
 
04 a iso 9001 2015 checklist
04 a iso 9001 2015 checklist04 a iso 9001 2015 checklist
04 a iso 9001 2015 checklist
 

Semelhante a Chapter004

There are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database managThere are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database managGrazynaBroyles24
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docxdurantheseldine
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Application of Q methodology in critical success factors of information secur...
Application of Q methodology in critical success factors of information secur...Application of Q methodology in critical success factors of information secur...
Application of Q methodology in critical success factors of information secur...stuimrozsm
 
Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1sharing notes123
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.pptImXaib
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfalokkesh
 
Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practicesphanleson
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62AlliedConSapCourses
 
Structured Approach To Implementing Information And Records Management (Idrm)...
Structured Approach To Implementing Information And Records Management (Idrm)...Structured Approach To Implementing Information And Records Management (Idrm)...
Structured Approach To Implementing Information And Records Management (Idrm)...Alan McSweeney
 
Chapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfChapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfAbuHanifah59
 
CHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, aCHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, aMaximaSheffield592
 

Semelhante a Chapter004 (20)

Chapter005
Chapter005Chapter005
Chapter005
 
There are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database managThere are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database manag
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
 
Application of Q methodology in critical success factors of information secur...
Application of Q methodology in critical success factors of information secur...Application of Q methodology in critical success factors of information secur...
Application of Q methodology in critical success factors of information secur...
 
Security policies
Security policiesSecurity policies
Security policies
 
Testing
TestingTesting
Testing
 
Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1
 
Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
 
Ch14 Policies and Legislation
Ch14 Policies and LegislationCh14 Policies and Legislation
Ch14 Policies and Legislation
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
 
Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practices
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
 
Structured Approach To Implementing Information And Records Management (Idrm)...
Structured Approach To Implementing Information And Records Management (Idrm)...Structured Approach To Implementing Information And Records Management (Idrm)...
Structured Approach To Implementing Information And Records Management (Idrm)...
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
Unit Iii
Unit IiiUnit Iii
Unit Iii
 
Chapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfChapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdf
 
CHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, aCHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, a
 

Mais de Jeanie Delos Arcos

105_2_digitalSystem_Chap_3_part_3.ppt
105_2_digitalSystem_Chap_3_part_3.ppt105_2_digitalSystem_Chap_3_part_3.ppt
105_2_digitalSystem_Chap_3_part_3.pptJeanie Delos Arcos
 
02 Computer Evolution And Performance
02 Computer Evolution And Performance02 Computer Evolution And Performance
02 Computer Evolution And PerformanceJeanie Delos Arcos
 
10 Instruction Sets Characteristics
10 Instruction Sets Characteristics10 Instruction Sets Characteristics
10 Instruction Sets CharacteristicsJeanie Delos Arcos
 

Mais de Jeanie Delos Arcos (20)

105_2_digitalSystem_Chap_3_part_3.ppt
105_2_digitalSystem_Chap_3_part_3.ppt105_2_digitalSystem_Chap_3_part_3.ppt
105_2_digitalSystem_Chap_3_part_3.ppt
 
Chapter008
Chapter008Chapter008
Chapter008
 
Chapter006
Chapter006Chapter006
Chapter006
 
Pentium II
Pentium IIPentium II
Pentium II
 
Celeron
CeleronCeleron
Celeron
 
80486
8048680486
80486
 
Pentium 3
Pentium 3Pentium 3
Pentium 3
 
03 Buses
03 Buses03 Buses
03 Buses
 
02 Computer Evolution And Performance
02 Computer Evolution And Performance02 Computer Evolution And Performance
02 Computer Evolution And Performance
 
07 Input Output
07 Input Output07 Input Output
07 Input Output
 
10 Instruction Sets Characteristics
10 Instruction Sets Characteristics10 Instruction Sets Characteristics
10 Instruction Sets Characteristics
 
06 External Memory
06 External Memory06 External Memory
06 External Memory
 
08 Operating System Support
08 Operating System Support08 Operating System Support
08 Operating System Support
 
05 Internal Memory
05 Internal Memory05 Internal Memory
05 Internal Memory
 
09 Arithmetic
09 Arithmetic09 Arithmetic
09 Arithmetic
 
04 Cache Memory
04 Cache Memory04 Cache Memory
04 Cache Memory
 
01 Introduction
01 Introduction01 Introduction
01 Introduction
 
ISM424 RM
ISM424 RMISM424 RM
ISM424 RM
 
Henz new
Henz newHenz new
Henz new
 
Honey
HoneyHoney
Honey
 

Chapter004

  • 1. Chapter 4 Building and Documenting an Information Assurance Framework
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.