Information Criteria
Efficiency
Information must be produced in a cost-effective manner.
Confidentiality
Sensitive information must be protected from unauthorized disclosure.
Integrity
Information must be accurate, complete, and valid.
Compliance
Controls must ensure compliance with internal policies and with external legal and regulatory requirements.
Reliability
Management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities.
Confidentiality
Sensitive organizational information (e.g., marketing plans, trade secrets)
is protected from unauthorized disclosure.
Privacy
Personal information about customers is collected, used, disclosed, and
maintained only in compliance with internal policies and external
regulatory requirements and is protected from unauthorized disclosure.
Processing Integrity
Data are processed accurately, completely, in a timely manner, and only
with proper authorization.
Availability
The system and its information are available to meet operational and
contractual obligations.
Preventive Control
Detective Control
Corrective Control
Training
Firewall
Software or hardware used to filter information
Software Design
Programmers must be trained to treat all input from
external users as untrustworthy and to carefully check it
before performing further actions.
Log Analysis
Process of examining logs to identify evidence of possible
attacks
Intrusion Detection
Sensors and a central monitoring unit that create logs of
network traffic that was permitted to pass the firewall and
then analyze those logs for signs of attempted or
successful intrusions
Managerial Reports
Security Testing
Patch Management
Fix known vulnerabilities by installing the latest updates
Security programs
Operating systems
Applications programs
Recovery
Follow-up
Virtualization
Multiple systems are run on one computer
Cloud Computing
Remotely accessed resources:
Software applications
Data storage
Hardware
Risks
Increased exposure if breach occurs
Reduced authentication standards
Opportunities
Implementing strong access controls in the cloud or over the server that hosts a virtual network provides good security over all the systems contained therein
Copyright 2012 Pearson Education 8-23