security assessment case studies for implementing the nsa iam phần 8 docx

... click on the “Ask the Author” form. You willalso gain access to thousands of other FAQs at ITFAQnet.com. 286 _NSA_ IAM_ 08. qxd 12/15/03 5:03 PM Page 307 286 _NSA_ IAM_ 09.qxd 12/16/03 12: 58 PM Page ... have to map the ﬁnding to the OICM, or can you just map itto the SICM?A: As you have already learned, the impact deﬁnitions are the same for both the OICM and the SICM.Therefore, the ﬁndings ... yougroup them?A: We try to merge the ﬁndings to a common solution.This provides the cus-tomer with a simpler road map.www.syngress.com3 08 Chapter 8 • Managing the Findings 286 _NSA_ IAM_ 08. qxd...

security assessment case studies for implementing the nsa iam phần 1 docx

... Posture 282 The Yugo Implementation 283 The Ford Solution 284 The Cadillac Solution 284 Case Study: Medical Management 284 System Description 286 Information Criticality 286 Summary of Findings 287 Excerpt ... drive the assessment effort. Ultimately, the majority of information is the same in eitherwww.syngress.comLaying the Foundation for Your Assessment • Chapter 1 3Contracting and the NSA IAM NSA ... 184 Understanding the Purpose of the Technical Assessment Plan 184 The TAP: A Plan of Action 187 The TAP: A Controlled and Living Document 187 Linking the Plan to Contract Controls 188 Understanding the Format...

security assessment case studies for implementing the nsa iam phần 2 ppt

... team.www.syngress.com 38 Chapter 1 • Laying the Foundation for Your Assessment 286 _NSA_ IAM_ 01.qxd 12/15/03 3:15 PM Page 38 Introduction The Pre -Assessment site visit supports multiple aspects of the NSA INFOSECAssurance ... directly from the integration of the organization’s mission with the IAM process and security www.syngress.com46 Chapter 2 • The Pre -Assessment VisitFigure 2.1 The IAM Timeline: The Pre -Assessment ... knowledgeablein the industry in which the customer is primarily working .The teamwww.syngress.com 28 Chapter 1 • Laying the Foundation for Your Assessment 286 _NSA_ IAM_ 01.qxd 12/15/03 3:15 PM Page 28 SummaryTaking...

security assessment case studies for implementing the nsa iam phần 3 ppt

... types.www.syngress.com 88 Chapter 3 • Determining the Organization’s Information Criticality 286 _NSA_ IAM_ 03.qxd 12/11/03 3:25 PM Page 88 Planning for the Assessment Activities The amount of work ... have the appropriate pieces in place to create the OICM.This isone of the primary deliverables of the IAM assessment; it deﬁnes much of the keyinformation that lays the foundation for the remainder ... the time the IAM engagement gets into full swing, however, the main customer POCis often the biggest proponent of the process.Who Is the Assessment Team Leader? The main POC for the assessment...

security assessment case studies for implementing the nsa iam phần 4 pot

... the columns across the top of the matrix with the names of the impact attributeswe’ll be using for the assessment. The rows are labeled along the left edge with the information types that the customer ... information or systems should be protected and why. NSA hasdecided that for these reasons, it makes the most sense for the assessment team to act in the role of facilitator .The customer has the ... PM Page 107In the majority of assessments, the values for each block within the SCMswill be carried directly over from the OICM. Because of the top-down nature of the NSA IAM, the OICM already...

security assessment case studies for implementing the nsa iam phần 5 potx

... up the TAP, since it can be considered the core outcome of the pre -assessment site visit .The TAP is the primary deliverable created during the pre -assessment phase .The TAP combines all the information ... extra effort on the part of the assessment team to deﬁne the new boundaries and wasted valuableresources during the onsite phase. 286 _NSA_ IAM_ 05.qxd 12/11/03 3: 28 PM Page 160Now that we had the ... signiﬁcant damage to the organization.www.syngress.com The System Security Environment • Chapter 5 173 286 _NSA_ IAM_ 05.qxd 12/11/03 3: 28 PM Page 173Timeline of EventsHere, in the last NSA IAM required...

security assessment case studies for implementing the nsa iam phần 6 pdf

... ﬂow for the process .The customer should be presented with the assessment s ultimate objec-tives as deﬁned by the customer during the pre -assessment phase. Keeping theseobjectives in the forefront ... the customer and the assessment team.Continued Customer Education The education process for the customer doesn’t stop at the pre -assessment phaseor even the opening meeting .The assessment team ... 245 286 _NSA_ IAM_ 07.qxd 12/12/03 3:32 PM Page 245IntroductionThis chapter introduces the reader to the onsite assessment phase of the IAM andassociated activities. By the end of this chapter, the...

security assessment case studies for implementing the nsa iam phần 7 doc

... lowwww.syngress.comManaging the Findings • Chapter 8 283 286 _NSA_ IAM_ 08. qxd 12/15/03 5:03 PM Page 283 NOTE The assessment team utilized NSA s 18 Baseline INFOSEC Classes andCategories as the high-level guide for conducting ... everywww.syngress.com 282 Chapter 8 • Managing the Findings 286 _NSA_ IAM_ 08. qxd 12/15/03 5:03 PM Page 282 Best Practices ChecklistPreparing for the Onsite Phase Ensure continuous communication with the assessment ... feedback from the departments that the assessment wasgoing better than they expected and that they found value in the informationthat was being collected.They also said they felt that the assessment...

security assessment case studies for implementing the nsa iam phần 9 pot

... conduct the assessment. In our case, we describe the NSA IAM as the methodology usedto conduct the assessment and the basis for the assessment process. Since this is the main document, the assessment ... anal-ysis. Security Horizon utilized the National Security Agency (NSA) Information Security Assessment Methodology (IAM) to conduct the organizational portionof the assessment. Security Horizon ... organizational security assessments .The IAM assessment provides orga-nizations with a comprehensive overview of their security posture for purposesof implementing security countermeasures and improving their...

security assessment case studies for implementing the nsa iam phần 10 pot

... meeting,321–322sources for assessment work, 7timeline form, 414–415See also National Security Agency (NSA) Information Security (INFOSEC) Assessment Methodology (IAM) assessment planattached ... informationcriticality; system informationcriticalityinformation exchange, 231–232information request, 69–70Information Security (INFOSEC) assessment, 6, 23documentation, 234 NSA IAM for, ... 245–246high-level security goals, 123–130 IAM impact on organization security, 58 labeling, 244media controls, 243–244personnel security, 245physical security, 244–245of technical assessment plan, 187 – 188 security...

Xem thêm