Information Security Fundamentals
James W. De Rienzo
Information Assurance Training: INFORMATION SECURITY FUNDAMENTALS

Print Date: 2/22/2014. Contact: James W. De Rienzo

Security Attributes

| # | Security Attribute | Definition |
|---|--------------------|------------|
| 1 | Confidentiality | A system should ensure that only authorized users access information. |
| 2 | Integrity | A system should ensure completeness, accuracy and absence of unauthorized modifications in all its components. |
| 3 | Availability | A system should ensure that all system's components are available and operational when they are required by authorized users. |
| 4 | Accountability | An ability of a system to hold users responsible for their actions (e.g. misuse of information). |
| 5 | Auditability | An ability of a system to conduct persistent, non-bypassable monitoring of all actions performed by humans or machines within the system. |
| 6 | Authenticity/Trustworthiness | An ability of a system to verify identity and establish trust in a third party and in information it provides. |
| 7 | Non-repudiation | An ability of a system to prove (with legal validity) occurrence/non-occurrence of an event or participation/non-participation of a party in an event. |
| 8 | Privacy | A system should obey privacy legislation and it should enable individuals to control, where feasible, their personal information (user-involvement). |

[Matrix of X marks relating each security attribute to the asset columns: Facilities; Information System Components: People, Processes, Technology (Hardware, Software, Network (Communications)), Information (Data).]

Security controls strengthen the security attributes inherent in assets, such as facilities and information system components (i.e., people, technology and information).

NIST SP 800-60 Volume 1 Revision 2 focuses on the categorization of information systems/information types, based on the impact from changes to the sensitivity level of information types stored or processed by the information system.

A risk assessment determines the risk level of an information system by estimating the likelihood that a threat agent/actor can exploit a known vulnerability within an asset; and the perceived impact to the organization if a breach were to occur.

The Authorizing Official determines the Maximum Risk Tolerance Threshold and applies compensating controls to mitigate risk to an acceptable level if necessary.

The goal of Information Security is to protect and defend valuable information assets from motivated threat actors or agents, where the source of an attack can be internal or external, intentional or unintentional, environmental or man-made.

Information Assurance (IA) Professionals recommend security controls to safeguard information system components (Information, People, Processes, Hardware, Software, Network) from harm, loss, misconfiguration, misuse or exploitation.

An IA Professional determines the Sensitivity Level of an information system by assigning an impact level of LOW, MODERATE or HIGH to each of the three security attributes associated with "Information" (red X's above) stored or processed on the information system. NIST SP 800-60 V2R1 Appendices C, D and E divide Information into Information Types, and the process for determining sensitivity level is repeated for each Information Type.

An IA Professional determines the minimum set of baseline security controls using the high water mark method based on the highest sensitivity level for all information types stored or processed on the information system. For example, if the impact value associated with the confidentiality security attribute of an information type is HIGH, then the IA Professional selects a HIGH set of minimum baseline controls from the NIST SP 800-53 Revision 4 Security Control Catalog.

The "Data" information system component aligns with a broader set of security attributes as well, including Authenticity/Trustworthiness, Non-repudiation and Privacy (see table above). For instance, systems that store Personally Identifiable Information (PII) must contain security controls that protect against the loss of PII. NIST SP 800-53 Rev. 4 Appendix J contains a set of Privacy security controls.
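The high water mark method described above, as an added Python example that is not part of the original slide. It assumes the three "Information" attributes are confidentiality, integrity and availability; the information type names and their impact levels are constructed sample data, and the function names are hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum


class Impact(IntEnum):
    """Impact levels named on the slide, ordered so max() finds the high water mark."""
    LOW = 1
    MODERATE = 2
    HIGH = 3


# Assumption: the three "Information" attributes are the C/I/A triad.
ATTRIBUTES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InformationType:
    name: str
    confidentiality: Impact
    integrity: Impact
    availability: Impact


def parse_impact(value: str) -> Impact:
    """Accept 'low', ' Moderate ', 'HIGH'; reject anything else."""
    try:
        return Impact[value.strip().upper()]
    except KeyError:
        raise ValueError(f"unknown impact level: {value!r}") from None


def load_types(rows):
    """Build InformationType objects from (name, C, I, A) string tuples."""
    return [InformationType(name, *(parse_impact(v) for v in levels))
            for name, *levels in rows]


def categorize(info_types):
    """Return (per-attribute high water marks, baseline level, drivers).

    drivers lists the (information type, attribute) pairs whose impact
    equals the baseline, i.e. what forces the system into that baseline.
    """
    if not info_types:
        raise ValueError("at least one information type is required")
    marks = {a: max(getattr(t, a) for t in info_types) for a in ATTRIBUTES}
    baseline = max(marks.values())
    drivers = sorted((t.name, a) for t in info_types for a in ATTRIBUTES
                     if getattr(t, a) == baseline)
    return marks, baseline, drivers


# Constructed sample data: (information type, C, I, A)
SAMPLE_ROWS = [
    ("Payroll records", "MODERATE", "MODERATE", "LOW"),
    ("Public web content", "LOW", "MODERATE", "LOW"),
    ("Employee PII", "HIGH", "MODERATE", "LOW"),
]

if __name__ == "__main__":
    marks, baseline, drivers = categorize(load_types(SAMPLE_ROWS))
    for attr, level in marks.items():
        print(f"{attr:16} {level.name}")
    print(f"minimum baseline: {baseline.name}")
    for name, attr in drivers:
        print(f"  driven by {name} ({attr})")
```

The drivers list shows which information type would have to be moved off the system, or re-assessed, to lower the baseline.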