1.1. Physical Security
1.1.1. Access Control
1.1.1.1. Physical Barriers
1.1.1.2. Biometrics
1.1.2. Social Engineering
1.1.3. Environment
1.1.3.1. Wireless Cells
1.1.3.2. Location
1.1.3.3. Shielding
1.1.3.4. Fire Suppression
1.2. Disaster Recovery
1.2.1. Backups
1.2.1.1. Off Site Storage
1.2.2. Secure Recovery
1.2.2.1. Alternate Sites
1.2.3. Disaster Recovery Plan
1.3. Business Continuity
1.3.1. Utilities
1.3.2. High Availability / Fault Tolerance
1.3.3. Backups
1.4. Policy and Procedures
1.4.1. Security Policy
1.4.1.1. Acceptable Use
1.4.1.2. Due Care
1.4.1.3. Privacy
1.4.1.4. Separation of duties
1.4.1.5. Need to Know
1.4.1.6. Password Management
1.4.1.7. SLA
1.4.1.8. Disposal / Destruction
1.4.1.9. HR Policy
1.4.1.9.1. Termination - Adding / revoking passwords, privileges, etc.
1.4.1.9.2. Hiring - Adding / revoking passwords, privileges, etc.
1.4.1.9.3. Code of Ethics
1.4.2. Incident Response Policy
1.5. Privilege Management
1.5.1. User/Group/Role Management
1.5.2. Single Sign-on
1.5.3. Centralized vs. Decentralized
1.5.4. Auditing (Privilege, Usage, Escalation)
1.5.5. MAC/DAC/RBAC
1.6. Forensics (Awareness, conceptual knowledge and understanding - know what your role is)
1.6.1. Chain of Custody
1.6.2. Preservation of Evidence
1.6.3. Collection of Evidence
1.7. Risk Identification
1.7.1. Asset Identification
1.7.2. Risk Assessment
1.7.3. Threat Identification
1.7.4. Vulnerabilities
1.8. Education - Training of end users, executives and HR
1.8.1. Communication
1.8.2. User Awareness
1.8.3. Education
1.8.4. Online Resources
1.9. Documentation
1.9.1. Standards and Guidelines
1.9.2. Systems Architecture
1.9.3. Change Documentation
1.9.4. Logs and Inventories
1.9.5. Classification
1.9.5.1. Notification
1.9.6. Retention/Storage
1.9.7. Destruction