Ch 03 kho tài liệu training
➤ Gửi thông báo lỗi ⚠️ Báo cáo tài liệu vi phạmNội dung chi tiết: Ch 03 kho tài liệu training
Ch 03 kho tài liệu training
CHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu trainingative, technical, and physical controls•Three main security principles•Risk management and risk analysis•Security policies•Information classification•Security-awareness trainingWe hear about viruses causing millions of dollars in damages, hackers from other countries capturing credit card informatio Ch 03 kho tài liệu trainingn from financial institutions, web sites of large corporations and governments being defaced for political reasons, and hackers being caught and sentCh 03 kho tài liệu training
to jail. Ihese are the more exciting aspects of computer security, but realistically these activities are not what the average corporation or securityCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu trainingnagement is the core of a company's business and information securin’ structure.Security ManagementSecurity management includes risk management, information security policies, procedures, standards, guidelines, baselines, information classification, security organization, and security education. The Ch 03 kho tài liệu trainingse core components serve as the foundation of a corporation’s security program. Ihe objective of security, and a securin’ program, is to protect the cCh 03 kho tài liệu training
ompany and its assets. A risk analysis identifies these assets, discovers the threats that put them at risk, and estimates the possible damage and potCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu trainingecessary' funds to protect the recognized assets from their identified threats and develop applicable security policies that provide direction for security activities. Security education takes this information to each and every employee within the company so everyone is properly informed and can mor Ch 03 kho tài liệu traininge easily work toward the same security goals.53CISSP All-in-One Exam Guide54The process of security management is a circular one that begins with theCh 03 kho tài liệu training
assessment of risks and the determination of needs, followed by the monitoring and evaluation of the systems and practices involved. This is then follCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu trainingressed. The last step is the implementation of policies and controls intended to address the risks and needs first defined. Then the cycle Stans all over again. In this way, the process continually evaluates and monitors the security environment of an organization and allows it to adapt and grow to Ch 03 kho tài liệu trainingmeet the security needs of the environment in which it operates and exists.Security management has changed over the years because networked environmenCh 03 kho tài liệu training
ts, computers, and the applications that hold information have changed. Information used to be held in a mainframe, which is a more centralized networCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu traininguted networks we see today. Only certain people were allowed access and only a small set of people knew how the mainframe worked, which drastically reduced security risks. Users were able to access information on the mainframe through dumb terminals (they were called this because they had little or Ch 03 kho tài liệu trainingno logic built into them). There was not much need for strict security controls to be put into place. I lowever, the computing society did not stay inCh 03 kho tài liệu training
this type of architecture. Now, most networks are filled with personal computers that have advanced logic and processing power, users know enough aboCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu trainingns, and other networks. Information passes over wires and airways al a rale not even conceived of 10 to 15 years agoThe Internet, extranets (business partner networks), and intranets not only make security much more complex, they make security even more critical, rhe core network architecture has ch Ch 03 kho tài liệu traininganged from being a localized, stand-alone computing environment to a distributed computing environment that has increased exponentially with complexitCh 03 kho tài liệu training
y. Although connecting a network to the Internet adds more functionality and services for the users and expands the company’s visibility to the InternCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu trainingrs and computing capabilities. Computers have been integrated into the business and individual daily fabric, and their sudden unavailability would cause great pain and disruption. Many of the larger corporations already realize that their data are as much an asset to be protected as their physical b Ch 03 kho tài liệu traininguildings, factory equipment, and other physical assets. As networks and environments have changed, so has the need for security. Security is more thanCh 03 kho tài liệu training
just a firewall and a router with an access list; these systems must be managed, and a big pan of security is managing rhe actions of users and rhe pCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu training ResponsibilitiesOkay, who is in charge and whyĩIn the world of security, management's functions involve determining objectives, scope, policies, priorities, and strategies. Management needs to define a clear scopeChapter 3: Information Security ano ni»K management55and. before 100 people run off in Ch 03 kho tài liệu training different directions trying to secure the environment, determine actual goals expected to be accomplished from a security program. Management also neCh 03 kho tài liệu training
eds to evaluate business objectives, security risks, user productivity, and functionality requirements and objectives. Finally, management must defineCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu traininge equation only and figure that information and computer security fall within the I I administrator's responsibilities. In these situations, management is not taking computer and information security seriously, the consequence of which is that security will most likely remain underdeveloped, unsuppo Ch 03 kho tài liệu trainingrted, underfunded, and unsuccessful. Security needs to be addressed al the highest levels of management. The IT administrator can consult with managemCh 03 kho tài liệu training
ent on the subject, but the security of a company should not be delegated entirely to the 11 or security administrator.Security management relies on pCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu trainingy, confidentiality, and availability for those assets. Various management tools are used to classify data and perform risk analysis and assessments. These tools identify vulnerabilities and exposure rales and rank the severity of identified vulnerabilities so that effective countermeasures can be im Ch 03 kho tài liệu trainingplemented to mitigate risk in a cost-effective manner. Management’s responsibility is to provide protection for the resources it is responsible for anCh 03 kho tài liệu training
d die company overall These resources come in human, capital, hardware, and informational forms. Management must concern itself with ensuring that a sCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu trainingto effect.Tile necessary resources and funding need to be available, and strategic representatives must be ready to participate in the security program. Management must assign responsibility and identify the roles necessary to get the security program off the ground and keep it thriving and evolving Ch 03 kho tài liệu training as the environment changes. Management must also integrate the program into the current business environment and monitor its accomplishments. ManagemCh 03 kho tài liệu training
ent's support is one of the most important pieces of a security program. A simple nod and a wink will not provide the amount of support required.The TCHAPTERInformation Security and Risk ManagementThis chapter presents the following:•Security management responsibilities•Difference between administra Ch 03 kho tài liệu trainingrkers start with a blueprint of the structure, then pour the foundation, and then erect the frame. As the building of the house continues, the workers know what the end result is supposed to be, so they add the right materials, insert doors and windows as specified in the blueprints, erect support b Ch 03 kho tài liệu trainingeams, provide sturdy ceilings and floors, and add the plaster and carpet and smaller details until the house is complete. Then inspectors come in to eCh 03 kho tài liệu training
nsure the structure of the house and the components used to make it are acceptable. If this process did not start with a blueprint and a realized goalGọi ngay
Chat zalo
Facebook