Monday, October 3, 2016

Security and Risk Management

Fundamental Principles of Security
  1.     Availability
  2.     Integrity
  3.     Confidentiality
  4.     Balanced Security
Security Definitions
Control Types
Security Frameworks
  1.     ISO/IEC 27000 Series
  2.     Enterprise Architecture Development
  3.     Security Controls Development
  4.     Process Management Development
  5.     Functionality vs. Security
The Crux of Computer Crime Laws
Complexities in Cybercrime
  1.     Electronic Assets
  2.     The Evolution of Attacks
  3.     International Issues
  4.     Types of Legal Systems
Intellectual Property Laws
  1.     Trade Secret
  2.     Copyright
  3.     Trademark
  4.     Patent
  5.     Internal Protection of Intellectual Property
  6.     Software Piracy
Privacy
  1.     The Increasing Need for Privacy Laws
  2.     Laws, Directives and Regulations
  3.     Employee Privacy Issues
Data Breaches
  1.     U.S. Laws Pertaining to Data Breaches
  2.     Other Nations' Laws Pertaining to Data Breaches
Policies, Standards, Baselines, Guidelines, and Procedures
  1.     Security Policy
  2.     Standards
  3.     Guidelines
  4.     Procedures
  5.     Implementation
Risk Management
  1.     Holistic Risk Management
  2.     Information Systems Risk Management Policy
  3.     The Risk Management Team
  4.     The Risk Management Process
Threat Modeling
  1.     Vulnerabilities
  2.     Threats
  3.     Attacks
  4.     Reduction Analysis
Risk Assessment and Analysis
  1.     Risk Analysis Team
  2.     The Value of Information and Assets
  3.     Costs That Make Up the Value
  4.     Identifying Vulnerabilities and Threats
  5.     Methodologies for Risk Assessment
  6.     Risk Analysis Approaches
  7.     Qualitative Risk Analysis
  8.     Protection Mechanisms
  9.     Putting It Together
  10.     Total Risk vs. Residual Risk
  11.     Handling Risk
  12.     Outsourcing
Business Continuity and Disaster Recovery
  1.     Standards and Best Practices
  2.     Making BCM Part of the Enterprise Security Program
  3.     BCP Project Components
Personnel Security
  1.     Hiring Practices
  2.     Termination
  3.     Security-Awareness Training
  4.     Degree or Certification
Security Governance
  1.     Metrics
Ethics
  1.     The Computer Ethics Institute
  2.     The Internet Architecture Board
  3.     Corporate Ethics Programs