INFORMATION SYSTEMS SECURITY - SECTION 3: Information Security Standards, Education, Certifications, and Laws

Acknowledgement

Kim, David and Solomon, Michael G. (2018). Fundamentals of Information Systems Security, 3rd Ed. Jones and Bartlett Learning LLC, MA, USA. ISBN: 978-1-28-411645-8. Chapters 12, 13 and 14.

Learning Objectives

Students will understand how to secure IS security elements and how to perform a security audit.

Module 8: IS Security Standards and Compliance

Information Security Standards Organizations

- NIST (National Institute of Standards and Technology)
- ISO (International Organization of Standardization)
- IEC (International Electrotechnical Commission)
- W3C (World Wide Web Consortium)
- IETF (Internet Engineering Task Force)
- IEEE (Institute of Electrical and Electronics Engineers)
- ITU (International Telecommunication Union)
- ITU-T (ITU Telecommunication Sector)
- ANSI (American National Standards Institute)
- ETSI (European Telecommunications Standards Institute)

Information Security Standards: ISO 17799 (Withdrawn)

- ISO 17799
- ISO 27002

Information Security Standards: ISO 17799 (Withdrawn)

- ISO 17799: Code of Practice
- ISO 17799-2: Specification for an Information Security Management System
- Or BS 7799 (by British Standards)
- 10 major sections of ISO 17799:
  - Security Policy
  - Security Organization
  - Asset Classification and Control
  - Personnel Security
  - Physical and Environmental Security
  - Communications and Operations Management
  - Access Control
  - System Development and Maintenance
  - Business Continuity Management
  - Compliance

Information Security Standards: ISO 17799 (Withdrawn)

- ISO 27002
  - Appeared in 2005 as an update to ISO 17799
  - ISO 17799:2005 was renamed ISO 27002:2005
  - ISO 27002:2005: "IT Security Techniques - Code of Practice for Information Security Management"
  - CIA Triad:
    - Confidentiality
    - Integrity
    - Availability

Information Security Standards: ISO 17799 (Withdrawn)

- ISO 27002
  - 12 major sections of ISO 27002:
    - Risk Assessment
    - Security Policy
    - Organization of Information Security
    - Asset Management
    - Human Resources Security
    - Physical and Environmental Security
    - Communications and Operations Management
    - Access Control
    - Information System Acquisition, Development and Maintenance
    - Information Security Incident Management
    - Business Continuity Management
    - Compliance

Information Security Standards: Payment Card Industry Data Security Standard (PCI DSS)

- PCI DSS version 1 in 2004
- PCI DSS version 3.2 in 2016

End of Module 8
