2013.10.25 08:42

NIST Common IT Security Practices

NIST SP 800-14


1. Policy: Program Policy, Issue-Specific Policy, System-Specific Policy


2. Program Management: Central Security Program, System-Level Program


3. Risk Management: Risk Assessment, Risk Mitigation, Uncertainty Analysis


4. Life Cycle Planning: Security Plan, Initiation Phase, Development/Acquisition Phase, Implementation Phase, Operation/Maintenance Phase, Disposal Phase


5. Personnel/User Issues: Staffing, User Administration


6. Preparing for Contingencies and Disasters: Business Plan, Identify Resources, Develop Scenarios, Develop Strategies, Test and Revise Plan


7. Computer Security Incident Handling: Uses of a Capability, Characteristics


8. Awareness and Training


9. Security Considerations in Computer Support and Operations


10. Physical and Environmental Security


11. Identification and Authentication: Identification, Authentication, Passwords, Advanced Authentication


12. Logical Access Control: Access Criteria, Access Control Mechanisms


13. Audit Trails: Contents of Audit Trail Records, Audit Trail Security, Audit Trail Reviews, Keystroke Monitoring


14. Cryptography

