COMPUTER SECURITY AUDIT ANALYSIS
  Information Security Plan
    Goal: Detail the actions needed to improve the identified deficiencies in the organization's risk profile in a timely manner
      Provide details such as what will be done, what resources are needed and who is responsible.
    Should include
      Risks
      Recommended controls
      Responsible personnel
      Action priority for each risk
    Implementation plan
      Plan documents
      Identify personnel to perform the needed tasks
      Monitor to ensure the correct process is followed
      Management approves when completed
    Follow up
      Evaluate changes
      Continued maintenance and monitoring
      Ensure controls perform as intended
  Information Security Protection & Detection
    Detect incidents
      Reports from users or staff
      By automated tools
      Administrators monitor vulnerability reports
    Types of security incidents
      Any action threatening the classic security services (confidentiality, integrity, availability)
      Unauthorized access to a system
      Unauthorized modification of information on a system
    Manage security incidents
      Detection and Analysis
      Containment, Eradication, Recovery
      Preparation
      Post-incident activity
    Respond to incidents
      Need documented response procedures
    Documenting incidents
      Identify the vulnerability that was used
      Record details for future reference
      Consider the impact on the organization and its risk profile
  Information Security Control
    Select suitable controls to treat the system and reduce its risks
    Management Control
    Cost-benefit analysis
      To identify which controls are most appropriate and provide the greatest benefit to the organization
      Include the impact of implementing a new or enhanced control, the impact of not implementing it, and the estimated cost of implementation
      Factors (compare the control's cost against the risk reduction it provides)
        Reduces risk more than needed - A less expensive alternative may suffice
        Costs more than the risk reduction it provides - An alternative should be used
        Does not reduce the risk sufficiently - Either more or different controls should be used
        Provides sufficient risk reduction - Use it
    Operational Control
    Technical Control