Security Controls
INTERNATIONAL
Originally from ISO 17799, now ISO/IEC 27002.
# Risk assessment and treatment - analysis of the organization's information security risks
# Security policy - management direction
# Organization of information security - governance of information security
# Asset management - inventory and classification of information assets
# Human resources security - security aspects for employees joining, moving and leaving an organization
# Physical and environmental security - protection of the computer facilities
# Communications and operations management - management of technical security controls in systems and networks
# Access control - restriction of access rights to networks, systems, applications, functions and data
# Information systems acquisition, development and maintenance - building security into applications
# Information security incident management - anticipating and responding appropriately to information security breaches
# Business continuity management - protecting, maintaining and recovering business-critical processes and systems
# Compliance - ensuring conformance with information security policies, standards, laws and regulations

U.S. FEDERAL GOVERNMENT
From NIST Special Publication SP 800-53 revision 1.
# AC Access Control
# AT Awareness and Training
# AU Audit and Accountability
# CA Certification, Accreditation, and Security Assessments
# CM Configuration Management
# CP Contingency Planning
# IA Identification and Authentication
# IR Incident Response
# MA Maintenance
# MP Media Protection
# PE Physical and Environmental Protection
# PL Planning
# PS Personnel Security
# RA Risk Assessment
# SA System and Services Acquisition
# SC System and Communications Protection
# SI System and Information Integrity
The controls are then applied along another dimension, the basic Defense in Depth (computing) categories: People, Technology, Operations/Process.

U.S. DEPARTMENT OF DEFENSE
From DoD Instruction 8500.2 there are 8 Information Assurance (IA) areas, and the controls are referred to as IA controls.
# DC Security Design & Configuration
# IA Identification and Authentication
# EC Enclave and Computing Environment
# EB Enclave Boundary Defense
# PE Physical and Environmental
# PR Personnel
# CO Continuity
# VI Vulnerability and Incident Management
DoD assigns each IA control to one leg of the CIA Triad.