ISMS Flashcards

1
Q

ISMS

A

An ISMS is part of the overall management system, based on a business risk approach, used to:

  • establish
  • implement
  • monitor
  • review
  • maintain and
  • improve

information security

It consists of instruments and methods for management and steering committees to conduct activities for information security.

2
Q

Why do we need an ISMS

A

Lack of:

  • responsibility
  • management support
  • strategic guidance
  • enforcement of security measures
  • revision concepts

  • Insufficient or misdirected investments
  • Violation of regulations or contracts
  • Process failures
  • Inefficient use of resources
3
Q

How is an ISMS Constructed

A

Embedded into the overall management system, structures and processes -> no one-size-fits-all approach

Ensure compatibility with certification standards

  • ISO/IEC 27000
  • BSI 200-1, 200-2

Constructing an ISMS is iteratively done in four phases (PDCA)

  • Plan
  • Do
  • Check
  • Act
4
Q

PDCA Cycle

A

Dynamic and iterative Process

PLAN:

  • Define functional requirements and the operative environment
  • assess and evaluate risks and threats in that environment
  • formulate security requirements

DO:

  • Measures, services and protocols to realize the security requirements

CHECK:

  • validate the implemented security systems against the initially formulated requirements

ACT:

  • based on the check results, improvements can be defined
  • potential trigger for new plans with new threats and risks
5
Q

BSI Standards

A
  • BSI standards are a part of IT-Grundschutz Methodology
  • provide advice on methods, processes and measures concerning different aspects of information security
  • Consists of BSI 200-1, 200-2, 200-3, 200-4
6
Q

BSI 200-1

A
  • Addresses information security managers, experts and advisors for efficient information security management
  • describes how an ISMS can be established
  • Overview of the most important tasks of security management (security concepts, security goals)
  • compatibility to ISO 27001
7
Q

BSI 200-2

A

Describes the IT-Grundschutz methodology:

  • step-by-step guide for developing an ISMS in practice

Offers an information security process that covers three organizational levels

  • strategic
  • tactical
  • operational
8
Q

BSI Information Security Process

A

Strategic level: initiating the security process, establishing the organization, providing resources (responsibility)

Tactical level: creating a security concept, as a sequence of steps:

  • context analysis (business goals and processes, environment)
  • determine the protection requirement
  • low protection requirement -> IT-Grundschutz analysis
  • high protection requirement -> threat analysis, risk analysis, measures
  • both branches lead to the implementation plan

Operational level: maintaining operations
