05_Protection of Info.Assets Part-1 (Info. security mgt. (Info.secu. …
05_Protection of Info.Assets Part-1
Info. security mgt.
Key elements of Info.secu.mgt
Roles & responsibilities in Info.secu.mgt
Classification of Info.assets
Fraud & risk factors
Info.secu. control design
Controls
1
Physical
Administrative (managerial)
Technical
2
Detective
Corrective
Preventive
Standards
Control framework
System access permissions
Mandatory & discretionary access controls
Privacy principles
Privacy impact analysis
Compliance
OECD guidelines on Protection of Privacy & transborder Flows of personal data
European Union Data Protection Directives & the US-EU Safe Harbor framework
ISO/IEC 29100:2011: Info.techno.-Security Techniques-Privacy framework
Critical success factors for Info.Secu.Mgt.
Info.secu. & external parties
Identify Risk related to External parties
Addressing security when dealing with customers
Addressing security in 3rd party agreements
Recommended Contract terms
HR security & 3rd parties
Screening
Terms & conditions of employment
During employment
Removal of access rights
Computer crime issues & exposures
Security Incident handling & response
Logical Access
Logical access exposures
Paths of Logical access
Familiarity with Ent.'s IT environment
Logical access control software
Identification & authentication
Logon IDs & passwords
Features of Passwords
Token Devices - OTP
Biometrics
Physically oriented Biometrics
Palm based biometric devices
Iris
Retina Scan
Fingerprint Access control
Face recognition biometric devices
Behavior oriented Biometrics
Signature recognition
Voice recognition
Single Sign-On (SSO)
Authorization issues
Access control List (ACL)
Common Connectivity Methods
VPN
Dial up Lines
Dedicated Network Connection
Access rights to System Log
Tools for Audit trail (logs) analysis
Confidential information
Storing, retrieving, transporting & disposing
Network Infra.security
LAN security
Virtualisation
Client-server security
Wireless security threats & Risk mitigation
Internet threats & security
Network security threats
Passive attacks
Active attacks
Causes for Internet attacks
Firewall security systems
Types of firewalls
Packet filtering firewalls
Common attacks
IP spoofing
Source route specification
Miniature fragment attack
Application filtering firewalls
Application level
Circuit level
Stateful Inspection Firewall
Examples of Firewall implementations
Screened host firewall
Dual homed firewall
Demilitarised zone (DMZ) or Screened subnet firewall
Intrusion detection system
Categories
Network based
Host based
Types
Signature based
Statistical based
Neural networks
Components of IDS
Sensors
Analyzers
Administration console
User interface
Intrusion Prevention systems
Honeypots & honeynets
Encryption
Key elements
Encryption keys
Key length
Encryption algorithm
Types
Symmetric key systems
Asymmetric key systems
Quantum Cryptography
Digital signatures
Public key infrastructure
Applications of Cryptographic systems
Transport layer security (TLS)
IP Security (IPSEC)
Secure Shell (SSH)
Secure Multipurpose Internet Mail Extensions (S/MIME)
Malware
Voice-Over IP
Private Branch Exchange (PBX)
Auditing Network Infra.security