
Information Systems Security Assessment Framework (ISSAF) Draft 0.1

4 ASSESSMENT FRAMEWORK
Note: This section is incomplete
Enterprises generally spend a great deal of money on best-of-breed security technology, but they ignore two elements that are essential to end-to-end security: 1. People and 2. Processes. Security is not a product; it is an ongoing process. Without good people and well-designed processes, even the best technology is not going to reduce risk. A security organization needs all three supports to maintain balance and effectiveness.

© 2004, Balwant Rathore, Open Information Systems Security Group (www.oissg.org)
Date: -.-.2%1& Page 2 of 4
A security assessment framework is not complete unless it considers all three components of end-to-end security: 1. People, 2. Process and 3. Technology.
Taking these three components into account, we describe a complete approach to security assessment across the following domains:
[Figure: the components of a Secure Enterprise. Legible labels: Technology, People, Secure Enterprise.]
[Figure: Information Systems Security Assessment Framework. The diagram shows four assessment domains, labelled A to D in the original: Controls Assessment; Physical Security Assessment; Social Engineering; Technical Controls Assessment. It also lists the following numbered review areas (numbering not recoverable from the extraction): Evaluation of Risk Assessment Methodology; Review of Logging, Monitoring & Auditing Processes; Security Awareness & Training; Outsourcing Security Concerns; Business Continuity Planning & Disaster Recovery Plan Review; Legal and Regulatory Compliance; Review of Information Security Policy & Organization.]
