Review Question

3. What is the ISO 27000 series of standards? Which individual standards make up the series?

It's one of the most widely referenced security models: the Information Technology - Code of Practice for Information Security Management, which was originally published as British Standard BS7799.

6. What documents are available from the NIST Computer Resource Center, and how can they support the development of a security framework?

SP 800-12: Computer Security Handbook
SP 800-14: Generally Accepted Security Principles and Practices
SP 800-18: Guide for Developing Security Plans
SP 800-26: Security Self-Assessment Guide for Information Technology Systems
SP 800-30: Risk Management for Information Technology Systems

7. What Web resources can aid an organization in developing best practices as part of a security framework?

9. What are the differences between a policy, a standard, and a practice? What are the three types of security policies? Where would each be used? What type of policy would be needed to guide use of the Web? E-mail? Office equipment for personal use?

Standards are the recommended status for the community or country. Policies are rules and should be followed by the community or country. The police might say that drivers must adhere to posted speed limits. This is enforceable and you will be penalized if you are caught disobeying them.

12. When is the IR plan used?

An Incident Response Plan (IRP) covers the identification of, classification of, and response to an incident. So it will be used when an incident is first detected by an organization.

13. When is the DR plan used?

It is a plan for business continuity in the event of a disaster that destroys part or all of a business's resources, including IT equipment, data records and the physical space of an organization.

14. When is the BC plan used?

A business continuity plan is a logistical plan companies use to restore interrupted business services. Business operations face several types of disasters that can partially or completely interrupt their operations.

Exercise 6. Classify each of the following occurrences as an incident or disaster. If an occurrence is a disaster, determine whether or not business continuity plans would be called into play.

a. A hacker gets into the network and deletes files from a server.

IR plan should be called into play to restore files from backup