8.6. Terms and Concepts

security plan, 509
policy, 510
requirement, 512
constraint, 512
control, 512
requirement qualities: correctness, 513; consistency, 513; realism, 513; need, 513; verifiability, 513; traceability, 513
schedule, 516
plan review, 516
plan timetable, 516
security planning team, 517
management commitment to security plan, 518
business continuity plan, 518
incident response plan, 521
risk analysis, 524
risk impact, 524
problem, 524
avoided risk, 524
transferred risk, 524
assumed risk, 524
risk leverage, 525
assets: hardware, 527; software, 527; data, 527; human assets, 527; documentation, 527; supplies, 527; infrastructure, 527
hazard and operability (HAZOP) studies, 528
fault tree analysis (FTA), 528
failure modes and effects analysis (FMEA), 528
attributes contributing to vulnerabilities: singularity, 531; separability, 531; logic errors, 531; design sensitivity, 531; unrecoverability, 531; behavioral sensitivity, 531; malevolence, 531; rigidity, 531; malleability, 531; gullibility, 531; complacency, 531; corruptibility, 531; accessibility, 531; difficulty to control, 531; unpredictability, 531; predictability, 531
likelihood of exploitation, 531
Delphi method, 533
classical probability, 534
frequency probability, 534
subjective probability, 534
annual loss expectation (ALE), 544
cost/benefit analysis, 544
risk calculation, 544
organizational security policy: purpose, 547; users, 547; owners, 548; beneficiaries, 548
balancing interest, 548
policy contents, 548
policy characteristics: coverage, 550; durability, 550; realism, 550; usefulness, 550
physical security, 556
natural disaster, 556
flood, 556
fire, 557
power loss, 558
uninterruptible power supply, 558
surge suppressor, 558
drop, 558
spike, 558
surge, 558
intruder, 559
theft prevention, 559
theft detection, 561
disposal of sensitive information, 561
shredder, 562
degausser, 562
emanations, 562
Tempest, 562
backup, 563
complete backup, 564
revolving backup, 564
selective backup, 564
offsite backup, 564
cold disaster recovery site, 565
hot disaster recovery site, 565
networked storage device, 565