Section 8.6. Terms and Concepts


security plan, 509
policy, 510
requirement, 512
constraint, 512
control, 512
requirement qualities:
    correctness, 513
    consistency, 513
    realism, 513
    need, 513
    verifiability, 513
    traceability, 513
schedule, 516
plan review, 516
plan timetable, 516
security planning team, 517
management commitment to security plan, 518
business continuity plan, 518
incident response plan, 521
risk analysis, 524
risk impact, 524
problem, 524
avoided risk, 524
transferred risk, 524
assumed risk, 524
risk leverage, 525
assets:
    hardware, 527
    software, 527
    data, 527
    human assets, 527
    documentation, 527
    supplies, 527
    infrastructure, 527
hazard and operability (HAZOP) studies, 528
fault tree analysis (FTA), 528
failure modes and effects analysis (FMEA), 528
attributes contributing to vulnerabilities:
    singularity, 531
    separability, 531
    logic errors, 531
    design sensitivity, 531
    unrecoverability, 531
    behavioral sensitivity, 531
    malevolence, 531
    rigidity, 531
    malleability, 531
    gullibility, 531
    complacency, 531
    corruptibility, 531
    accessibility, 531
    difficulty to control, 531
    unpredictability, 531
    predictability, 531
    likelihood of exploitation, 531
Delphi method, 533
classical probability, 534
frequency probability, 534
subjective probability, 534
annual loss expectation (ALE), 544
cost/benefit analysis, 544
risk calculation, 544
organizational security policy:
    purpose, 547
    users, 547
    owners, 548
    beneficiaries, 548
    balancing interest, 548
    policy contents, 848
policy characteristics:
    coverage, 550
    durability, 550
    realism, 550
    usefulness, 550
physical security, 556
natural disaster, 556
flood, 556
fire, 557
power loss, 558
uninterruptible power supply, 558
surge suppressor, 558
drop, 558
spike, 558
surge, 558
intruder, 559
theft prevention, 559
theft detection, 561
disposal of sensitive information, 561
shredder, 562
degausser, 562
emanations, 562
Tempest, 562
backup, 563
complete backup, 564
revolving backup, 564
selective backup, 564
offsite backup, 564
cold disaster recovery site, 565
hot disaster recovery site, 565
networked storage device, 565


Security in Computing, 4th Edition
ISBN: 0132390779
Year: 2006