Information asset security frameworks, standards and guidelines Flashcards
Protection of information assets includes the key components that ensure
confidentiality, integrity and availability of information assets.
Information asset security standards - what are they? Give an example.
Many industries have standards that may be used as a benchmark for security across the industry sector.
An example is the Payment Card Industry Data Security Standard (PCI DSS), a standard for all organisations that process payment cards. This is an industry standard, but compliance is not required by law.
Some industry standards require compliance by law.
How are the requirements of Information Asset Security Standards met?
A framework is often used to describe how an organisation can achieve compliance.
What is a control framework?
It is a set of fundamental controls that helps support and protect an enterprise by preventing/minimising financial or information loss and adding/preserving value.
The right controls need to be selected in the right way. A technical control should have proper procedures in place, the personnel who operate the control should have had training, ownership of the control should be assigned, and the control should be monitored and tested.