Resource description:
"ch03 Information Security and Risk Management" was uploaded and shared by a member and is free to read online; more related content is under Academic Papers at 天天文库.
All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8

CHAPTER 3
Information Security and Risk Management

This chapter presents the following:
• Security management responsibilities
• Difference between administrative, technical, and physical controls
• Three main security principles
• Risk management and risk analysis
• Security policies
• Information classification
• Security-awareness training

We hear about viruses causing millions of dollars in damages, hackers from other countries capturing credit card information from financial institutions, websites of large corporations and governments being defaced for political reasons, and hackers being caught and sent to jail. These are the more exciting aspects of computer security, but realistically these activities are not what the average corporation or security professional must usually deal with when it comes to daily or monthly security tasks. Although viruses and hacking get all the headlines, security management is the core of a company's business and information security structure.

Security Management

Security management includes risk management, information security policies, procedures, standards, guidelines, baselines, information classification, security organization, and security education. These core components serve as the foundation of a corporation's security program. The objective of security, and of a security program, is to protect the company and its assets. A risk analysis identifies these assets, discovers the threats that put them at risk, and estimates the possible damage and potential loss a company could endure if any of these threats were to become real. The risk analysis helps management construct a budget with the necessary funds to protect the recognized assets from their identified threats and develop applicable security policies that provide direction for security activities. Security education and awareness takes this information to each and every employee within the company so everyone is properly informed and can more easily work towards the same security goals.

The process of security management is a continuous one that begins wit
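The risk analysis described above (identify the assets, discover the threats against them, estimate the loss if a threat materializes, then fund protection against the highest risks) carried out with numbers, as an added example that is not from the exam guide. It uses the standard quantitative model, SLE = asset value × exposure factor and ALE = SLE × ARO, and judges each safeguard by the ALE it removes minus its own annual cost; those formulas, the asset inventory, the safeguard names and every figure below are assumptions of the example, not content from this excerpt.

```python
"""Quantitative risk analysis: rank (asset, threat) pairs by expected annual
loss and fund the safeguards that pay for themselves within a budget.

Added example, not from the CISSP guide. Formulas assumed here:
    SLE = asset value * exposure factor        (loss from one occurrence)
    ALE = SLE * annualized rate of occurrence  (expected loss per year)
    safeguard net value = ALE_before - ALE_after - annual safeguard cost
All names and figures are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    exposure_factor: float  # fraction of the asset's value lost per occurrence (0..1)
    aro: float              # annualized rate of occurrence: expected events per year


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # what the asset is worth to the business, in currency units
    threats: tuple          # Threats that put this asset at risk


@dataclass(frozen=True)
class Safeguard:
    name: str
    asset: str              # Asset.name it protects
    threat: str             # Threat.name it reduces
    annual_cost: float      # purchase plus operating cost, amortized per year
    ef_after: float         # residual exposure factor once it is in place
    aro_after: float        # residual ARO once it is in place


def single_loss_expectancy(asset: Asset, threat: Threat) -> float:
    """SLE = asset value * exposure factor: the damage from one occurrence."""
    if not 0.0 <= threat.exposure_factor <= 1.0:
        raise ValueError(f"exposure factor out of range for {threat.name}")
    if threat.aro < 0:
        raise ValueError(f"negative ARO for {threat.name}")
    return asset.value * threat.exposure_factor


def annualized_loss_expectancy(asset: Asset, threat: Threat) -> float:
    """ALE = SLE * ARO: expected loss per year, the figure a budget is weighed against."""
    return single_loss_expectancy(asset, threat) * threat.aro


def rank_risks(assets):
    """Every (asset, threat) pair ordered by ALE, highest first."""
    rows = [(a.name, t.name, annualized_loss_expectancy(a, t))
            for a in assets for t in a.threats]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def safeguard_net_value(assets, sg: Safeguard) -> float:
    """ALE before the control, minus ALE after it, minus its annual cost.
    A negative result means the control costs more per year than it saves."""
    asset = next(a for a in assets if a.name == sg.asset)
    threat = next(t for t in asset.threats if t.name == sg.threat)
    residual = Threat(threat.name, sg.ef_after, sg.aro_after)
    return (annualized_loss_expectancy(asset, threat)
            - annualized_loss_expectancy(asset, residual)
            - sg.annual_cost)


def plan_budget(assets, safeguards, funds: float):
    """Greedy plan: fund safeguards with positive net value, best first, without
    exceeding `funds`. Returns the names of the funded safeguards in order."""
    candidates = sorted(((safeguard_net_value(assets, s), s) for s in safeguards),
                        key=lambda pair: pair[0], reverse=True)
    chosen, remaining = [], funds
    for value, sg in candidates:
        if value <= 0 or sg.annual_cost > remaining:
            continue  # not worth buying, or no money left for it this year
        chosen.append(sg.name)
        remaining -= sg.annual_cost
    return chosen


# Constructed sample inventory (hypothetical assets, threats and figures).
ASSETS = (
    Asset("customer-db", 2_000_000, (Threat("data-breach", 0.40, 0.1),
                                     Threat("ransomware", 0.25, 0.2))),
    Asset("web-storefront", 500_000, (Threat("defacement", 0.05, 1.0),)),
)
SAFEGUARDS = (
    Safeguard("encryption-at-rest", "customer-db", "data-breach", 20_000, 0.10, 0.1),
    Safeguard("offline-backups", "customer-db", "ransomware", 30_000, 0.05, 0.2),
    Safeguard("waf", "web-storefront", "defacement", 30_000, 0.05, 0.2),
)

if __name__ == "__main__":
    for asset, threat, ale in rank_risks(ASSETS):
        print(f"{asset:15} {threat:12} ALE {ale:>10,.0f}")
    for sg in SAFEGUARDS:
        print(f"{sg.name:20} net value {safeguard_net_value(ASSETS, sg):>10,.0f}")
    print("funded with 45,000:", plan_budget(ASSETS, SAFEGUARDS, 45_000))
```

With the constructed figures, ransomware against the customer database ranks first (ALE 100,000), the WAF is rejected because it costs more per year than the defacement risk it removes, and a 45,000 budget funds only the offline backups because the encryption control no longer fits once backups are paid for; the greedy pass is deliberate and simple, and for a real inventory the ranking is the input to the policy and budget discussion, not its final answer.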