Enterprise Architecture and Information Assurance: Developing a Secure Foundation

"Securing against operational interruptions and the theft of your data is much too important to leave to chance. By planning for the worst, you can ensure your organization is prepared for the unexpected. Enterprise Architecture and Information Assurance: Developing a Secure Foundation explains...


Bibliographic Details
Main Author: Scholz, James A.
Format: eBook
Language: English
Published: Boca Raton : Auerbach Publications 2013.
Edition: 1st edition
See on Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628543106719
Table of Contents:
  • Setting the Foundation
  • Building the Enterprise Infrastructure
  • Security Categorization Applied to Information Types
  • Security Categorization Applied to Information Systems
  • Minimum Security Requirements
  • Specifications for Minimum Security Requirements
  • Security Control Selection
  • Infrastructure Security Model Components
  • Developing the Security Architecture Model
  • Dataflow Defense
  • Data in Transit, Data in Motion, and Data at Rest
  • Network
  • Client-Side Security
  • Server-Side Security
  • Strategy vs. Business Model
  • Security Risk Framework
  • Systems Security Categorization
  • System Security Categorization Applied to Information Types
  • Application of System Security Controls
  • Minimum Security Requirements
  • System Security Controls
  • Business Impact Analysis
  • What Is the Business Impact Analysis?
  • Objectives of the Business Impact Analysis
  • Developing the Project Plan
  • BIA Process Steps
  • Performing the BIA
  • Gathering Information
  • Performing a Vulnerability Assessment
  • Analyzing the Information
  • Documenting the Results and Presenting the Recommendations
  • Risk
  • Risk Management
  • Risk Framework
  • Risk Assessment or Evaluation
  • Risk Mitigation and Response
  • Risk Monitoring
  • Risk Assessment
  • Secure Configuration Management
  • Phases of Security-Focused Configuration Management
  • Security Configuration Management Plan
  • Coordination
  • Configuration Control
  • Change Control Board (CCB) or Technical Review Board (TRB)
  • Configuration Items
  • Baseline Identification
  • Functional Baseline
  • Design Baseline
  • Development Baseline
  • Product Baseline
  • Roles and Responsibilities
  • Change Control Process
  • Change Classifications
  • Change Control Forms
  • Problem Resolution Tracking
  • Measurements
  • Configuration Status Accounting
  • Configuration Management Libraries
  • Release Management (RM)
  • Configuration Audits
  • Functional Configuration Audit
  • Physical Configuration Audit
  • Tools
  • Training
  • Training Approach
  • Contingency Planning
  • Types of Plans
  • Business Continuity Plan (BCP)
  • Continuity of Operations (COOP) Plan
  • Cyber Incident Response Plan
  • Disaster Recovery Plan (DRP)
  • Contingency Plan (CP)
  • Occupant Emergency Plan (OEP)
  • Crisis Communications Plan
  • Backup Methods and Off-Site Storage
  • Cloud Computing
  • Essential Characteristics
  • Service Models
  • Continuous Monitoring
  • Continuous Monitoring Strategy
  • Organization (Tier 1) and Mission/Business Processes (Tier 2) Continuous Monitoring Strategy
  • Information System (Tier 3) Continuous Monitoring Strategy
  • Process Roles and Responsibilities
  • Define Sample Populations
  • Continuous Monitoring Program
  • Determine Metrics
  • Monitoring and Assessment Frequencies
  • Considerations in Determining Assessment and Monitoring Frequencies
  • Physical Security
  • History
  • Security Level (SL) Determination
  • Threat Factors/Criteria
  • Building Security Level Matrix
  • Building Security Level Scoring Criteria
  • Mission/Business
  • Public Impact
  • Building Occupants
  • Building Square Footage
  • Impact on Tenants
  • Other Factors
  • Level E Facilities
  • Campuses, Complexes, and Corporate or Commercial Centers
  • Changes in the Building Security Level
  • Building Security Illumination
  • Lighting for CCTV Surveillance
  • Building Security Levels
  • Minimum Security Standards
  • Entry Security
  • Interior Security
  • Security Planning
  • The Certification and Accreditation Process
  • Accreditation Decisions
  • Continuous Monitoring
  • General Process Phase I
  • Security Categorization
  • System Security Plans (SSPs)
  • Risk Assessments (RAs)
  • Contingency Plans (CPs)
  • Security Control Compliance Matrix (SCCM)
  • Standard Operating Procedures (SOPs)
  • Privacy Impact Assessment (PIA)
  • Configuration Management Plan (CMP)
  • Service Level Agreements (SLAs)
  • General Process Phase II: Security Test and Evaluation (ST&E)
  • Develop the Security Test and Evaluation (ST&E) Plan
  • Execute the ST&E Plan
  • Create the ST&E Report and Recommend Countermeasures
  • Update the Risk Assessment
  • Update the Security Plan
  • Document Certification Findings
  • General Management and Methodologies Employed
  • Methodologies
  • Internal Review Procedures
  • End-State Security Model
  • Appendix A: List of References (NIST)
  • Appendix B: List of References (FIPS)
  • Appendix C: Sample Certification Statement
  • Appendix D: Sample Rules of Engagement