Framework + policies
Policies
procedures
list of steps
importance of policies
identify assets the company considers valuable
outline personal responsibility
outline incident response responsibilities
guidelines
recommended actions
An effective policy
Distribution
Reading
understanding
agreement
Uniform enforcement
standards
detailed statements
what must comply with the policy
policy
a principle or rule to guide decisions
ISMS Framework
ISO/IEC 27000 series
provides an overview of ISMS
A plan-do-check-act cycle
do
implement and operate the ISMS
check
Monitor and review the ISMS
act
Maintain and improve the ISMS
Plan
Establish the ISMS
NIST CSF
protect
access control
Data security
detect
anomalies and events
continuous monitoring
respond
response planning
mitigation improvements
Identify
asset management
risk management strategy
recover
recovery planning improvements
communications
ISACA COBIT
program policy
typically addresses
ensures meeting requirements to establish the program and responsibilities
Use of specified penalties and disciplinary action
Elements
Statement of purpose
information security elements
need for information security
information security roles/responsibilities
References to other information security standards and guidelines
penalties and disciplinary actions
sets
scope
tone
strategic direction
Security
Information security
Protection
Integrity
of information assets
processing
Via SETA
transmission
In storage
availability
Confidentiality
Information security management systems
All types and sizes
collect, process, store and transmit info
may face some risks that impact assets
systems specific policy
Falls into two groups
Managerial
The "what we want from the system"
Technical
The "how the system will achieve it"
SysSPs
functions as standards and procedures used when configuring or maintaining systems
issue-specific security policy
The ISSP
Addresses specific areas of technology
requires frequent updates
contains a statement on the organisation's position on specific issues
approach
create a number of independent ISSP docs
Create a single comprehensive ISSP doc
Create a modular ISSP doc