[CISSP 9th Edition] Chapter 1 Principles and Strategies for Implementing Security Governance
This is a mind map about [CISSP 9th Edition] Chapter 1 Principles and Strategies for Implementing Security Governance, including managing security functions, security policies, standards, procedures and guidelines, threat modeling, etc.
Edited at 2023-12-18 21:40:11
Chapter 1 Principles and Strategies for Implementing Security Governance
1.1 Security 101
1.2 Understand and apply security concepts
CIA
Confidentiality: Ensure that information is not disclosed to unauthorized users or entities during storage, use, and transmission.
Integrity: Ensure that information is not tampered with without authorization during storage, use, and transmission; prevent authorized users or entities from modifying information inappropriately; and maintain the internal and external consistency of the information.
Availability: Ensure that authorized users or entities are not improperly denied normal use of information and resources, so that they can access those information and resources reliably and in a timely manner.
DAD
disclosure
modification
destruction
overprotection
authenticity
non-repudiation
AAA service
identification
authentication
authorization
auditing
accounting
protection mechanism
Protection mechanism: a common feature of security controls. Not every security control has to include these mechanisms, but many controls deliver confidentiality, integrity, and availability by using them.
mechanism
layering
abstraction
data hiding
encryption
1.3 Security Boundary
1.4 Evaluate and apply security governance principles
third party governance
Document review
1.5 Managing security functions
Security capabilities aligned with business strategy, goals, mission and objectives
Strategic plan
Tactical plan
Operational plan
organizational processes
Organizational roles and responsibilities
senior manager
security professionals
asset owner
custodian
user
auditor
security control framework
Control Objectives for Information and Related Technology (COBIT): COBIT is a set of documents written by the Information Systems Audit and Control Association (ISACA) documenting IT security best practices.
COBIT Six Principles
Principle 1: Create value for stakeholders
Principle 2: Use a holistic approach
Principle 3: Govern the system dynamically
Principle 4: Separate governance from management
Principle 5: Tailor it to your business needs
Principle 6: Adopt an end-to-end governance system
Other standards and guidelines
NIST SP 800-53 Rev.5
Center for Internet Security (CIS)
NIST Risk Management Framework (RMF)
NIST Cybersecurity Framework (CSF)
ISO/IEC 27000 series
Information Technology Infrastructure Library (ITIL)
Due care and due diligence
Due diligence: refers to developing the plans, policies, and processes that protect the interests of the organization.
Due care: refers to the practice of carrying out and maintaining the "due diligence" activities.
1.6 Security policies, standards, procedures and guidelines
Security policy
Security Standards, Baselines and Guidelines
Security procedures
1.7 Threat Modeling
Identify threats
Focus on assets
Focus on attackers
Focus on software
STRIDE
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service (DoS)
Elevation of Privilege
PASTA
Stage 1: Definition of the Objectives for the analysis of risks
Stage 2: Definition of the Technical Scope (DTS)
Stage 3: Application Decomposition and Analysis (ADA)
Stage 4: Threat Analysis (TA)
Stage 5: Weakness and Vulnerability Analysis (WVA)
Stage 6: Attack Modeling & Simulation (AMS)
Stage 7: Risk Analysis & Management (RAM)
Identify and map potential attacks
Perform simplified analysis
Five key concepts in the decomposition process
trust boundary
data flow path
input point
Privileged operations
Details about security stance and approach
Prioritization and response
DREAD is based on answers to five key questions for each threat
Damage potential
Reproducibility
Exploitability
Affected users
Discoverability
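A worked DREAD prioritization, added here as an example rather than taken from the book or the mind map: each constructed threat is tagged with its STRIDE category, rated on the five DREAD factors, and ranked by its DREAD score. It assumes the common 1 (low) to 10 (high) rating scale with the score being the mean of the five ratings; the threats and ratings are hypothetical.

```python
"""DREAD prioritization of constructed STRIDE threats (added example)."""
from dataclasses import dataclass

# Assumption: each DREAD factor is rated 1 (low) to 10 (high) and the
# DREAD score is the mean of the five ratings.
RATING_MIN, RATING_MAX = 1, 10
FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability")


@dataclass(frozen=True)
class Threat:
    name: str
    stride: str  # STRIDE category the threat falls under
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def dread_score(self) -> float:
        """Mean of the five factor ratings; rejects out-of-range ratings."""
        ratings = [getattr(self, f) for f in FACTORS]
        for factor, rating in zip(FACTORS, ratings):
            if not RATING_MIN <= rating <= RATING_MAX:
                raise ValueError(f"{self.name}: {factor} rating {rating} out of range")
        return sum(ratings) / len(ratings)


def prioritize(threats):
    """Return (name, score) pairs, highest DREAD score first (ties by name)."""
    scored = [(t.name, t.dread_score()) for t in threats]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


# Constructed sample threats for a hypothetical web application.
SAMPLE_THREATS = [
    Threat("Session token replay", "Spoofing", 7, 9, 6, 8, 5),
    Threat("Unsigned config file edit", "Tampering", 8, 5, 4, 9, 3),
    Threat("Login flood exhausts workers", "Denial of Service", 6, 10, 9, 10, 8),
    Threat("Verbose stack trace to client", "Information Disclosure", 3, 10, 8, 2, 9),
]

if __name__ == "__main__":
    for name, score in prioritize(SAMPLE_THREATS):
        print(f"{score:4.1f}  {name}")
```

The ranking is the input to the "prioritization and response" step: the top-scored threats get mitigations first.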
1.8 Applying risk-based management concepts to supply chains