What are the Personnel Security issues that should be reflected in the Security and Privacy Plan?
In the area of personnel security, the Security and Privacy Program should promote user authentication, security awareness, and training
In the area of personnel security, the Security and Privacy Program should promote user authentication, security awareness, and training
In the area of information security, the Security and Privacy Program should promote security and privacy-conscious designs, information content assurance, source authentication, and data access control.
In the area of operational security, the Security and Privacy Program should promote the development of SOPs for EA component security, risk assessment, testing and evaluation, remediation, certification, operation, and disposal. SOPs should also be developed for extreme events such as recovery from major outages or natural disasters, and enabling the continuity of operations if…
Read more
One fundamental aspect of security and privacy is the realization that there isn’t a 100% foolproof solution for any enterprise. The reason for this is that the security and privacy program and risk management strategy are created by members of that enterprise or by contracted service providers, The employees and contractors who are in security…
Read more
The Security and Privacy Program is intended to provide expertise, processes, and solutions for the protection of IT resources active in the business and technology operating environment. The Security and Privacy Program supports the EA by providing requirements for standards and procedures that are used in the planning and implementation of EA components and artifacts.…
Read more
**Disaster Recovery**: The assessment and recovery procedures for responding to a man-made or natural event that significantly disrupts or eliminates business and technology operations, yet does not threaten the existence of the enterprise. This includes sabotage, theft or corruption of resources, successful large scale hacker/virus attacks, building damage, fire, flood, and electrical outages. Two time-related…
Read more
Security and privacy controls should function to reduce or eliminate external and internal threats – doing so through a combination of perimeter defense and internal configuration control. Controls should also support rapid bounce-back capabilities (called resilience) when incidents occur – from minor to major in scope. When done correctly, controls can serve to detect and…
Read more
An integrated set security and privacy controls for the enterprise is created by including these considerations security in the planning, design, implementation, and operation of all EA components and artifacts. For information-centric enterprises, including IT security and data privacy as required design elements of EA components, and having leadership support at the strategic and line…
Read more
An integrated set of security and privacy controls for the enterprise is created by including these considerations security in the planning, design, implementation, and operation of all EA components and artifacts. For information-centric enterprises, including IT security and data privacy as required design elements of EA components, and having leadership support at the strategic and…
Read more
In the area of physical security, determine and describe the facilities and other direct access protection that will be required to achieve an acceptable level of risk to prevent unauthorized access to these EA components. In the area of information security, determine how the information created/used by the EA component will be protected and authenticated.…
Read more