
Currently, I am working on how Virtualization can fit into the 10 security domains, which will be published shortly, but in the meantime enjoy the refresher on the basic concepts/terminology of the 10 security domains:

Domain 1 – Security Management

  • CIA Triad – Confidentiality, Integrity and Availability
  • Risk Assessment
  • Risk Management – identify threats and vulnerabilities, assess the threat level, and decide how the risk should be dealt with [Threat, Vulnerability, Controls]
  • Identify the threats and vulnerabilities -> understand what the Threat is, which Vulnerability it exploits and what Risk results
  • Assessing Asset Value – Quantitative and Qualitative
  • Quantitative Assessment – assigns a monetary value to assets and losses:
  • Single loss expectancy (SLE) = asset value X exposure factor (EF), where EF is the % of damage that a realized threat would have on the asset.
  • Annual rate of occurrence (ARO) = estimated number of times an event may occur within a year
  • Annualized loss expectancy (ALE) = SLE X ARO
  • Qualitative Assessment – rates the severity of threats and the sensitivity of assets, and categorises components as [Low - Medium - High] on the basis of that rating.
  • Handling Risk – risk reduction, risk transference, risk acceptance and risk rejection; these measures can also be combined.
  • Security Policies – official, high-level security documents – meet advisory, informative and regulatory needs – can be divided into:
    • Use Policy – email, internet access
    • Configuration Policy – network systems
    • Patch Management – approved patch
    • Infrastructure Policy – how to manage and maintain a system and by whom
    • User Account Policy – which users what permissions
    • Other Policies – encryption, backup, handling of data, password requirements etc.
  • Security Policy Objectives:
    • advise the technical team on their choice of equipment
    • guide the team in arranging the equipment
    • responsibilities of users and administrators
    • set out the consequences of a policy violation
    • reactions to the network threats + escalation steps
  • Standards – sit below Policies – define the processes that must be implemented, but not the method of implementation
  • Guidelines – recommendations and suggestions of how policies or procedures should be implemented – should be flexible
  • Procedures – most specific and most detailed security documents – step-by-step implementation – specific to equipment
  • Roles and Responsibility – Senior Manager, Information Security Officer, Data Owner, Data Custodian, Users and Security Auditor
  • Information Classification – two models:
    • Military Information Classification – Top Secret, Secret, Confidential, Sensitive and Unclassified
    • Commercial Information Classification – Confidential, Private, Sensitive and Public
  • Security Training and Awareness – for all employees at various levels – should be developed differently for different groups of employees (senior management, data custodians and users):
    • Security Awareness
    • Training – one-on-one
    • Education – classroom based – broader and longer
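The quantitative assessment formulas above (SLE, ARO, ALE) are easy to get wrong when the exposure factor is entered as a percentage instead of a fraction, so here they are as a small worked calculation. This is an added example, not code from the original post; the net-safeguard-value comparison at the end goes beyond the post (it is the usual way ALE feeds the risk reduction vs. acceptance/transference decision), and all asset values, exposure factors and control costs are constructed sample figures.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    """One asset/threat pair for a quantitative risk assessment."""
    name: str
    asset_value: float      # monetary value of the asset
    exposure_factor: float  # fraction (0.0..1.0) of the asset lost per realized threat
    aro: float              # annual rate of occurrence (events per year)

    def sle(self) -> float:
        """Single loss expectancy = asset value X exposure factor."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            # A common data-entry mistake is passing 50 instead of 0.5
            raise ValueError("exposure factor must be a fraction between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy = SLE X ARO."""
        if self.aro < 0:
            raise ValueError("ARO cannot be negative")
        return self.sle() * self.aro


def annual_safeguard_value(before: RiskScenario, after: RiskScenario,
                           annual_control_cost: float) -> float:
    """Net annual value of a risk-reduction control (an extension of the ALE
    model, not a formula from the post): ALE before the control, minus ALE with
    the control in place, minus what the control costs per year. A positive
    result favours risk reduction; a negative one points to acceptance or
    transference instead."""
    return before.ale() - after.ale() - annual_control_cost


# Constructed sample figures for a file server; not real data.
# Without backups a ransomware event destroys half the asset's value; with
# backups only an eighth is lost. Either way it is expected once in four years.
RANSOMWARE_NO_BACKUP = RiskScenario("ransomware on file server", 200_000, 0.5, 0.25)
RANSOMWARE_WITH_BACKUP = RiskScenario("ransomware on file server", 200_000, 0.125, 0.25)
BACKUP_ANNUAL_COST = 8_000  # hypothetical yearly cost of the backup control

if __name__ == "__main__":
    print(f"SLE without backups: {RANSOMWARE_NO_BACKUP.sle():,.0f}")
    print(f"ALE without backups: {RANSOMWARE_NO_BACKUP.ale():,.0f}")
    print(f"ALE with backups:    {RANSOMWARE_WITH_BACKUP.ale():,.0f}")
    net = annual_safeguard_value(RANSOMWARE_NO_BACKUP, RANSOMWARE_WITH_BACKUP, BACKUP_ANNUAL_COST)
    print(f"Net annual value of the backup control: {net:,.0f}")
```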


To be continued….

    Raman Veeramraju