NIST SP 800-14
1. Policy: Program Policy, Issue-Specific Policy, System-Specific Policy
2. Program Management: Central Security Program, System-Level Program
3. Risk Management: Risk Assessment, Risk Mitigation, Uncertainty Analysis
4. Life Cycle Planning: Security Plan, Initiation Phase, Development/Acquisition Phase, Implementation Phase, Operation/Maintenance Phase, Disposal Phase
5. Personnel/User Issues: Staffing, User Administration
6. Preparing for Contingencies and Disasters: Business Plan, Identify Resources, Develop Scenarios, Develop Strategies, Test and Revise Plan
7. Computer Security Incident Handling: Uses of a Capability, Characteristics
8. Awareness and Training
9. Security Considerations in Computer Support and Operations
10. Physical and Environmental Security
11. Identification and Authentication: Identification, Authentication, Passwords, Advanced Authentication
12. Logical Access Control: Access Criteria, Access Control Mechanisms
13. Audit Trails: Contents of Audit Trail Records, Audit Trail Security, Audit Trail Reviews, Keystroke Monitoring
14. Cryptography