5 BASIC STEPS FOR SECURITY ENGINEERING & RISK ANALYSIS
Good security engineering requires a “Risk Analysis State of Mind”
What exactly do we mean by a “Risk Analysis State of Mind”? We mean following the basic (and overly simplified) list below.
Security engineering & risk analysis in 5 simplified steps:
- Defining a policy: What we want to achieve.
- Defining procedures: How we are going to reach our goal and what are our guidelines.
- We have a solution / mechanisms in place: The ciphers, access controls, authentication methods, tamper-resistance controls and other security controls that you bring together in order to implement the needed secure solution.
- Enforcement: The effort we put into verifying that our policy is upheld and that our security controls are in place and effective, so that we achieve our goal: security.
- Reevaluation: We like to call it the “Feedback Loop”. An organization needs to check itself frequently to verify that the building blocks above are still relevant and intact, given that cyberspace, technology and the threats the organization faces are ever evolving and changing.
Additional Resources relating to security engineering & risk analysis:
PwC’s Practical Guide for Risk Assessment
Generate Internal Risk Analysis Reports