2013.10.25 08:42

NIST Common IT Security Practices

NIST SP 800-14

1. Policy: Program Policy, Issue-Specific Policy, System-Specific Policy

2. Program Management: Central Security Program, System-Level Program

3. Risk Management: Risk Assessment, Risk Mitigation, Uncertainty Analysis

4. Life Cycle Planning: Security Plan, Initiation Phase, Development Acquisition Phase, Implementation Phase, Operation/Maintenance Phase, Disposal Phase

5. Personnel/User Issues: Staffing, User Administration

6. Preparing for Contingencies and Disasters: Business Plan, Identify Resources, Develop Scenarios, Develop Strategies, Test and Revise Plan

7. Computer Security Incident Handling: Uses of a Capability, Characteristics

8. Awareness and Training

9. Security Considerations in Computer Support and Operations

10. Physical and Environmental Security

11. Identification and Authentication: Identification, Authentication, Passwords, Advanced Authentication

12. Logical Access Control: Access Criteria, Access Control Mechanisms

13. Audit Trails: Contents of Audit Trail Records, Audit Trail Security, Audit Trail Reviews, Keystroke Monitoring

14. Cryptography

글이 도움이 되셨다면 위의 추천 손가락 한방 꾹! 눌러주세요~

Trackback 0 Comment 0