IT 223 Lecture Notes - Lecture 3: Boilersuit, Federal Information Security Management Act Of 2002, Information Security


Document Summary

P9: security is most effective when it is viewed as an enabler. Driving forces are the issues that affect the policy and planning process. Requires companies to evaluate their financial control process and discloses any thing defects. Control needs to consider about cost and benefit. Classic risk analysis av, ef, sle, aro: asset value, exposure factor, single loss expectancy, annualized rate of occurrence, annualized loss expectancy fuzzy math example. 4 generic types of response to potential risk: P32: reducing possible that password got stolen, avoid browse uncertified website, backup server, access control, door and wall level. P33: (risk acceptance): accept the possibility of risk, because not worth to cover all the risk, P35: technical security architecture: to build to provide the services that organizational policy needs. (all technical countermeasure, and how they are arranged to do protection) P43: legacy: something out of date but still in use policy describes what are needed.
