Source http://isc.sans.org/survivaltime.html
DR M Y Siyal Computer/Information Security P2-2
SECURITY PLANNING
SECURITY PLANNING PRINCIPLES
RISK ANALYSIS
The process of balancing threat and protection costs for individual assets.
Annual cost of protection should not exceed the expected annual damage.
If probable annual damage is $10,000 and the annual cost of protection is $200,000, protection should not be undertaken.
Goal is not to eliminate risk but to reduce it to an economically rational level.
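The cost/benefit rule above, written out as an added example (this is not code from the lecture). It generalises the single $10,000 vs $200,000 case to several assets and candidate controls. The slide does not say how "probable annual damage" is computed; the code assumes it is impact per incident times expected incidents per year, and it assumes each control removes a constructed fraction of that expected loss. All asset names, figures and control names are constructed for illustration.

```python
"""Risk-analysis decision helper (added example, not from the lecture).

Assumptions not stated on the slide:
  * expected annual damage = impact_per_incident * incidents_per_year
  * a control removes a fixed fraction (loss_reduction) of that damage
All sample values below are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class Asset:
    name: str
    impact_per_incident: float   # cost of one incident, in dollars
    incidents_per_year: float    # expected annual frequency of incidents

    def expected_annual_damage(self) -> float:
        """Probable annual damage if the asset is left unprotected."""
        return self.impact_per_incident * self.incidents_per_year


@dataclass
class Control:
    name: str
    annual_cost: float           # annual cost of protection, in dollars
    loss_reduction: float        # fraction of expected damage removed (0..1)


def net_annual_benefit(asset: Asset, control: Control) -> float:
    """Expected damage avoided per year minus what the control costs."""
    avoided = asset.expected_annual_damage() * control.loss_reduction
    return avoided - control.annual_cost


def should_protect(asset: Asset, control: Control) -> bool:
    """The slide's rule: protect only if the annual cost of protection
    does not exceed the expected annual damage it prevents."""
    return net_annual_benefit(asset, control) >= 0


def best_control(asset: Asset, controls: Iterable[Control]) -> Optional[Control]:
    """Economically rational choice: the control with the highest net
    benefit, or None when no control pays for itself (accept the risk)."""
    paying = [(net_annual_benefit(asset, c), c) for c in controls]
    paying = [(b, c) for b, c in paying if b >= 0]
    if not paying:
        return None
    return max(paying, key=lambda bc: bc[0])[1]


# The slide's own example: $10,000 probable damage vs $200,000 protection.
SLIDE_ASSET = Asset("slide example", impact_per_incident=10_000, incidents_per_year=1.0)
SLIDE_CONTROL = Control("perfect but expensive control", annual_cost=200_000, loss_reduction=1.0)

# A constructed second case with two candidate controls.
DB = Asset("customer database", impact_per_incident=500_000, incidents_per_year=0.1)
DB_CONTROLS = [
    Control("offsite backups", annual_cost=8_000, loss_reduction=0.6),
    Control("field-level encryption", annual_cost=40_000, loss_reduction=0.9),
]

if __name__ == "__main__":
    print("slide example: protect?", should_protect(SLIDE_ASSET, SLIDE_CONTROL))
    chosen = best_control(DB, DB_CONTROLS)
    print("customer database: choose", chosen.name if chosen else "no control (accept risk)")
```

For the slide's figures the helper returns False, matching the text; for the constructed database case both controls pay for themselves, and the rule picks the one with the larger net benefit rather than the one that removes the most loss.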
Implementation guidance goes beyond pure “what” by constraining to some extent the “how”.
Constrains implementers so they will make reasonable choices.
Guidelines SHOULD be followed, but are optional. However, guidelines must be considered carefully.
Good implementation + Good oversight = Good protection
SDLC Waterfall Methodology (figure): Logical Design, Physical Design, Implementation, Maintenance and change, then REPEAT.