본문 바로가기
NIST Common IT Security Practices NIST SP 800-14 1. Policy: Program Policy, Issue-Specific Policy, System-Specific Policy 2. Program Management: Central Security Program, System-Level Program 3. Risk Management: Risk Assessment, Risk Mitigation, Uncertainty Analysis 4. Life Cycle Planning: Security Plan, Initiation Phase, Development Acquisition Phase, Implementation Phase, Operation/Maintenance Phase, Disposal Phase 5. Personne.. 더보기
NIST 8 System Security Principles 1. Computer Security Supports the Mission of the Organization 2. Computer Security is an Integral Element of Sound Management 3. Computer Security Should Be Cost-Effective 4. Systems Owners Have Security Responsibilities Outside Their Own Organizations 5. Computer Security Responsibilities and Accountability Should Be Made Explicit 6. Computer Security Requires a Comprehensive and Integrated App.. 더보기
IT Security Body of Knowledge NIST SP 800-16 1. LAWS AND REGULATIONS2. IT SECURITY PROGRAM3. SYSTEM ENVIRONMENT4. SYSTEM INTERCONNECTION5. INFORMATION SHARING6. SENSITIVITY7. RISK MANAGEMENT8. MANAGEMENT CONTROLS9. ACQUISITION/DEVELOPMENT/’INSTALLATION/IMPLEMENTATION CONTROLS10. OPERATIONAL CONTROLS11. AWARENESS, TRAINING, AND EDUCATION CONTROLS12. TECHNICAL CONTROLS 더보기

티스토리툴바