Fundamentals of Information Systems Security Ch 6 - Security Operations and Administration


Memorandum of understanding (MOU)

AKA letter of intent, an agreement between two or more parties that expresses areas of common interest that result in shared actions. Less enforceable than a formal agreement but more formal than an oral agreement.

Three primary means to ensure compliance

Event logs; Compliance liaison; Remediation

Service-level agreement (SLA)

Formal contract between organization and the outside firm that details the specific services the firm will provide. Communicates the expectations on both the organization and outside firm and anticipates the needs of both parties.

Responsibilities of security administration

Handling events that affect computers and networks, including incidents, disasters, and other interruptions.

Advantages of outsourcing security

High level of expertise that your organization might not have, because the outsourcing firm deals only with security.

Four aspects of access control.

Identification; Authentication; Authorization; Accountability

Regulatory compliance

Laws and government regulations

Organizational compliance

Organization policies, audits, and standards

Disadvantages of outsourcing security

Outsourcing firm might not know your organization well, and your organization cannot develop in-house expertise or talent and will continue to pay for services.

Main concerns for outsourcing security

Privacy; Risk; Data security; Ownership; Adherence to policy

Offboarding

Process to follow when terminating a relationship with outsourced resources. Defines how to transfer control of data and other assets, terminate communications, and complete open transactions.

Most common documentation requirements:

Sensitive assets list; Organization's security process; Authority of people responsible for security; Policies, procedures, and guidelines adopted by organization

Blanket purchase agreement (BPA)

Streamlined method of meeting recurring needs for supplies or services. Creates preapproved accounts with qualified suppliers to fulfill recurring orders for products or services. Helpful in simplifying the process of recurring purchases.

Emergency operations group

Team managed by the security administration team. Responsible for protecting sensitive data in the event of natural disasters and equipment failure, among other potential emergencies.

Security administration

The group of individuals responsible for planning, designing, implementing, and monitoring an organization's security plan.

Onboarding

The negotiation process and creation of agreements. Provides time before a problem occurs, as well as the opportunity to clearly communicate goals and expectations for all parties.

Interconnection security agreement (ISA)

Usually an extension of MOU, serves as an agreement that documents the technical requirements of interconnected assets. Most often used to specify technical needs and security responsibilities of connected organizations.

