Overall Comments: Good job for the first attempt. All were in on
time, and I believe you have done a pretty fair job of touching on major points. I did add
a couple of items at the tail end.
Administrative note: I have set the table properties to NOT allow rows to break over a
page. This makes the document more readable, but does cost you paper if printing. Feel
free to change if you like.
CIA Triad
Confidentiality, availability and integrity are key points in security controls.
Defense in Depth
Executive Support
Top management should lead by example, using action to create a security-conscious environment.
Outsourcing
Personnel/Staffing
Personnel Security is focused on reducing the risk of danger or threat posed by people within an organization.
Qualitative Risk Assessment
Qualitative Risk Management
Quantitative Risk Assessment
A quantitative risk assessment is an objective method of measuring the risk that an asset faces. The method measures the current risk an owner is exposed to by prorating the complete current value of his asset to the percentage chance that the particular asset faces loss.
Residual Risk
Risk Management
No person or organization can fully eliminate risk; they can only manage it.
Risk Treatments / Responses
Role of the Security Function
Security Controls
Different mechanisms to ensure your tangible and intangible assets are being protected or corrected.
Single Point of Failure
<Added>
Terms:
Policies, guidelines, etc.