security assessment case studies for implementing the nsa iam phần 4 pot

... the SCMs have been created, we can move on to the next step in the NSA IAM process. www.syngress.com 146 Chapter 4 • System Information Criticality 286 _NSA_ IAM_ 04. qxd 12/11/03 3:27 PM Page 146 tion. ... the columns across the top of the matrix with the names of the impact attributes we’ll be using for the assessment. The rows are labeled along the left ed...

Ngày tải lên: 13/08/2014, 15:21

... up the TAP, since it can be considered the core outcome of the pre -assessment site visit .The TAP is the primary deliverable created during the pre -assessment phase .The TAP combines all the information ... why the customer really wants the assessment done and whether there are any specific areas that the customer wants covered. Why Are You There in the First Place?...

Ngày tải lên: 13/08/2014, 15:21

... conduct the assessment. In our case, we describe the NSA IAM as the methodology used to conduct the assessment and the basis for the assessment process. Since this is the main document, the assessment ... anal- ysis. Security Horizon utilized the National Security Agency (NSA) Information Security Assessment Methodology (IAM) to conduct the organizati...

Ngày tải lên: 13/08/2014, 15:21

... organization security, 58 labeling, 244 media controls, 243 – 244 personnel security, 245 physical security, 244 – 245 of technical assessment plan, 187–188 security concept of operations (SECONOPS), 156 security ... of, 246 – 249 interviewer attributes, 249 –253 list, form for, 41 3 section of TAP, 197–198 in TAP case study, 210–211 interviewees, 247 – 248 interviewer, 249...

Ngày tải lên: 13/08/2014, 15:21

... drive the assessment effort. Ultimately, the majority of information is the same in either www.syngress.com Laying the Foundation for Your Assessment • Chapter 1 3 Contracting and the NSA IAM NSA ... Documents 41 0 Document-Tracking Templates 41 1 Elements of the Technical Assessment Plan 41 2 The Interview List 41 3 The Assessment Timeline 41 4 Index 41...

Ngày tải lên: 13/08/2014, 15:21

... directly from the integration of the organization’s mission with the IAM process and security www.syngress.com 46 Chapter 2 • The Pre -Assessment Visit Figure 2.1 The IAM Timeline: The Pre -Assessment ... phases of the IAM assessment. This allows the assessment plan to be used as the scoping input for the onsite assessment contract. Understanding Scoping...

Ngày tải lên: 13/08/2014, 15:21

... have the appropriate pieces in place to create the OICM.This is one of the primary deliverables of the IAM assessment; it defines much of the key information that lays the foundation for the remainder ... the time the IAM engagement gets into full swing, however, the main customer POC is often the biggest proponent of the process. Who Is the Assessment Team L...

Ngày tải lên: 13/08/2014, 15:21

... flow for the process .The customer should be presented with the assessment s ultimate objec- tives as defined by the customer during the pre -assessment phase. Keeping these objectives in the forefront ... have the opportunity to return to home base and prepare for the onsite portion of the assessment. The focus of the pre -assessment site visit and the focus of...

Ngày tải lên: 13/08/2014, 15:21

... questions that will help the assessment team gain the needed information and identify the organization’s vulnerabilities .The first resource for questions comes from the security expertise of the assessment ... feedback from the departments that the assessment was going better than they expected and that they found value in the information that was being collected.Th...

Ngày tải lên: 13/08/2014, 15:21

... have to map the finding to the OICM, or can you just map it to the SICM? A: As you have already learned, the impact definitions are the same for both the OICM and the SICM.Therefore, the findings ... client.They are now all on the same page when it comes to their critical systems and critical information.They are all aware of the issues or vulnerabilities they have within t...

Ngày tải lên: 13/08/2014, 15:21