Untitled
a guest
Nov 20th, 2019
Risk - likelihood that a loss will occur when a threat exposes (exploits) a vulnerability
Total Risk = T x V - L (T = threat, V = vulnerability, L = loss)
Manage Risk - four options: avoid, mitigate, accept, transfer
Threat - any activity that poses a possible danger of causing a loss
Vulnerability - a weakness
Loss - results from a compromise of business assets or functions
Exploit - the act of taking advantage of a vulnerability

SLE (single loss expectancy) = asset value x exposure factor (% of the total asset value lost in one event)
ARO - annualized rate of occurrence (expected number of events per year)
ALE (annual loss expectancy) = SLE x ARO

MOE - margin of exposure / MAO - maximum acceptable outage (part of BIA; the RTO must fit inside it, MAO >= RTO)
RTO - recovery time objective (part of BIA)
CBA - cost-benefit analysis (does the control cost less than the reduction in ALE it buys?)
POAM - plan of action and milestones
Fiduciary responsibility - being responsible for someone else's money
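The SLE/ALE formulas above only become useful once they drive the choice between accept, mitigate and transfer/avoid. The block below is an added worked example, not part of the original notes: it computes SLE and ALE for one threat scenario, runs the CBA for each candidate control (ALE reduction minus the control's annual cost), and picks a treatment against a risk appetite figure. The scenario (a hotel booking website, the CBF example the notes use), the dollar values, exposure factors, AROs, control names and costs are all constructed for illustration, and the risk-appetite threshold and the "transfer or avoid" bucket are modelling assumptions of this example.

```python
"""Quantitative risk analysis: SLE, ALE and cost-benefit of candidate controls.

Added illustration for the notes above, not code from the original page.
All figures (asset value, EF, ARO, control costs, risk appetite) are
constructed sample data, not real measurements.
"""
from dataclasses import dataclass, replace
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Scenario:
    """One threat acting on one asset."""
    name: str
    asset_value: float      # AV: what the asset is worth to the business
    exposure_factor: float  # EF: fraction of AV lost in a single event
    aro: float              # ARO: expected number of events per year

    def sle(self) -> float:
        # SLE = AV x EF
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        # ALE = SLE x ARO
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    """A candidate safeguard and the residual EF/ARO it leaves behind."""
    name: str
    annual_cost: float      # annualized cost of owning and running the safeguard
    residual_ef: float      # EF after the control is in place
    residual_aro: float     # ARO after the control is in place


def residual_ale(scenario: Scenario, control: Control) -> float:
    """ALE of the scenario once the control is applied."""
    reduced = replace(scenario, exposure_factor=control.residual_ef,
                      aro=control.residual_aro)
    return reduced.ale()


def net_benefit(scenario: Scenario, control: Control) -> float:
    """CBA: (ALE before - ALE after) - annual cost. Positive means the control pays for itself."""
    return scenario.ale() - residual_ale(scenario, control) - control.annual_cost


def recommend(scenario: Scenario, controls: Sequence[Control],
              risk_appetite: float) -> Tuple[str, Optional[str], float]:
    """Choose among accept / mitigate / transfer-or-avoid.

    Returns (decision, chosen control name or None, ALE the business is left with).
    Transfer and avoid are lumped together here because pricing them (an insurance
    premium, or the revenue lost by dropping the function) is outside this model.
    """
    if scenario.ale() <= risk_appetite:
        return ("accept", None, scenario.ale())
    worthwhile = [c for c in controls if net_benefit(scenario, c) > 0]
    if worthwhile:
        best = max(worthwhile, key=lambda c: net_benefit(scenario, c))
        return ("mitigate", best.name, residual_ale(scenario, best))
    return ("transfer or avoid", None, scenario.ale())


# Constructed sample data: the hotel booking website used as the CBF example.
BOOKING_SITE = Scenario("booking site outage from web attack",
                        asset_value=500_000, exposure_factor=0.30, aro=0.5)
CONTROLS = [
    Control("web application firewall", annual_cost=20_000,
            residual_ef=0.30, residual_aro=0.1),
    Control("full platform rebuild", annual_cost=60_000,
            residual_ef=0.10, residual_aro=0.5),
]

if __name__ == "__main__":
    print(f"SLE = {BOOKING_SITE.sle():,.0f}   ALE = {BOOKING_SITE.ale():,.0f}")
    for c in CONTROLS:
        print(f"{c.name}: net benefit {net_benefit(BOOKING_SITE, c):,.0f}")
    print(recommend(BOOKING_SITE, CONTROLS, risk_appetite=10_000))
```

With these sample numbers the WAF has a positive net benefit (it cuts ALE from 75,000 to 15,000 for 20,000 a year), the rebuild has a negative one, so the decision is "mitigate" with the WAF. Raise the risk appetite above the ALE and the same scenario becomes "accept"; remove every control with a positive net benefit and it falls through to "transfer or avoid".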

FISMA - the Federal Information Security Management Act (federal agencies and their contractors)
HIPAA - health care privacy and portability
GLBA - broad scope: banking, insurance, financial services
SOX - publicly traded companies; holds executives and the board accountable for financial data
FERPA - student data at federally funded schools
CIPA - schools and libraries (computers / internet access)

SEC - securities industry, publicly traded companies
DHS - several IT divisions; Office of Cybersecurity and Communications
NCCI - insurance
FTC - unfair trade practices
State AG - primary legal advisor for a state
US AG - head of the DOJ
COSO - joint initiative to combat corporate fraud

BIA - Business Impact Analysis
CBF - critical business functions (e.g. the hotel booking website)
CSF - critical success factors (e.g. reviews on Yelp)
BCP - Business Continuity Plan (focuses on the worst case, not the likelihood of events; has the DRP and IRP as key facets)
BRP - Business Risk Portfolio
IRP - Incident Response Plan (computers, hacks, attacks, internet)
DRP - Disaster Recovery Plan (emphasis on technology assets)
CSF - Common Security Framework (note the acronym collides with critical success factors above)

Responsibilities:
PM - can manage more than one project, reviews all BCPs, ensures each BCP is on track
BCP Coordinator - in charge of one BCP, develops or activates that BCP, contacts the other teams
BCP Teams - EMT (Emergency Management Team), DAT (Damage Assessment Team), TRT (Technical Recovery Team)
EMT - has overall authority for system recovery; composed of senior managers
DAT - assesses damage and declares the severity of an incident; collects and reports data but does not take action
TRT - recovers critical IT resources (which must be listed in the BIA); members need specific skill sets

Risk Management Frameworks
NIST RMF (SP 800-37), six steps:
Step 1: Categorize information systems
Step 2: Select security controls
Step 3: Implement security controls
Step 4: Assess security controls
Step 5: Authorize the information system
Step 6: Monitor security controls
COSO - Committee of Sponsoring Organizations of the Treadway Commission
IT
NIST Cybersecurity Framework

7 Domains of IT - User, Workstation, LAN, LAN-to-WAN, Remote Access, WAN, System/Application
How to figure out which control to use: NIST SP 800-53, SANS/CIS Top 20 Critical Security Controls
- NIST SP 800-53: 18 families of controls, 3 control classes (management, operational, technical)

Consider as scope: CBO, cost of service delivery, mission / CBB, the 7 domains of IT, information systems security gap