Index

A

Acceptable risk
Acceptable usages policy
Acceptance testing
Access control
business requirements
network services
secret authentication information
user responsibilities
Access control policy
Accuracy
Antivirus policy
Application service transactions
Asset management
classification of information
disposal of media
handling assets
inventory
acceptable use of information
ownership
return
labeling
media handling
physical media transfer
removable media
Asset management policy
Asset register
human resources
IT helpdesk department
IT infrastructure department
software development department
Audit closure
Audit preparation
best practices
compliance audit
surveillance audit
business context
close gaps
documentation
leadership commitment
planning
preparing
schedule
tabletop audit/document review audit
Audit report
auditor recommendation
evidence
executive summary
findings summary
front page
score descriptions
SWOT analysis
Audit requirements
Authenticity
Availability

B

Backup policy
Banking organization
British Standards Institution (BSI)
Business continuity and disaster recovery policy
Business needs
external issues
industry angles
interested parties and internal/external issues
internal issues
ISMS

C

Change control board (CCB)
Change management policy
Chief information security officer (CISO)
Clear desk and clear screen policy
Clock synchronization
Communication security
information transfer
agreements
confidentiality
electronic messaging
non-disclosure agreements
policies and procedures
network security management
control measures
segregation
service agreements
Compliance audit
Confidentiality
Continual improvement
areas
customers/clients
employee observation
management review meetings
monthly reports
periodic internal audits
regulatory/governmental law
technology/tool
audits/reviews
plan execution
improvement tracker
measurement
test-pilot the improvement first
Contractual requirements
Corrective actions
Cryptography
control
key management
uses
Current compliance/gap levels
Cybersecurity

D

Data retention and disposal policy
Denial of service (DoS)
Department of Trade and Industry (DTI)
Development lifecycle, information security
control procedures
development policy
engineering principles
operating platforms
outsourced development
secure development environments
system acceptance testing
system security testing

E, F, G

Electronic messaging
Email usage policy
Encryption policy
Event logs
External audits
best practices
preparation
See Audit preparation

H

Healthcare organization
High-level timeframe
Human resources security
awareness, education and training
disciplinary process
management responsibilities
prior to employment
background verification form
screening
terms and conditions
termination/change of employment
exit clearance form
HR department
responsibilities and duties

I, J

Identifying assets
classification
disposal
labeling
benefits
item IDs
tagging
register
value
Incident management
information security
assessment
collection of evidence
learning incidents
reporting events
reporting weakness
response incident
responsibilities and procedures
policy
Information and communications technology
Information classification policy
Information privacy
Information processing facilities
Information security
awareness
content
quiz
characteristics
data
management direction
mobile device policy
organization
contacts, special interest groups
contact, authorities
project management
roles and responsibilities
segregation of duties
policies and procedure
examples
review/approval
SMEs
reviews
teleworking
Information security incident reporting team (ISIRT)
Information security management forum (ISMF)
Information Security Management (ISM)
Information Security Management System (ISMS)
Information Security Management System, ISO 27001
availability
CIA triad
confidentiality
framework
integrity
systematic approach
Information security policy
Information security-related requirements
analysis and specification
application service transactions
public network services
Initial risk assessment
access control
analysis report
asset management
business continuity
chart of control groups
communication security
compliance
cryptographic control
human resource security
information security policies
manage security incidents
operation security
organization of information security
physical and environmental security
requirements
See Security requirements
supplier relationships
team meeting
Integrity
Intellectual Property Rights
Internal audit
auditor types
closing the findings and gaps
communicating
conduct
eliminating gaps
foundation
open meeting
checklist, HR department
documents
mandatory records
parameter
plan
planning improvement
pre-audit meeting/briefing
reports
International standard organization (ISO)
IT/hardware/software organization

K

Knowledge transfer (KT)

L

Legal compliance policy
Logging and monitoring
clock synchronization
event logs
facilities/information
system administrator/operator

M

Malware protection
Management review meeting
communication
conducting
benefits
important points
information security team
snapshot
discussion/presentation
expectation
improvements
schedule

N

Network security and information transfer policy
Network Security Management
NHS cyberattack
banking
Cosmos Bank
directive, ISO 27799
healthcare, SSN
information technology
manufacturing industry
safeguarding
Stuxnet worm
switch architecture
trade secrets
Non-compliance (NC)
Non-disclosure agreements (NDA)

O

One-time password (OTP)
Operations security
capacity management
change management
procedures
separation of development, testing
Organizational data
Outsourced development

P, Q

Password creation policy
Password management systems
Payment Card Industry Data Security Standard (PCI DSS)
Personal information
Physical and environmental security
delivery and loading areas
entry controls
equipment
cabling security
clear desk and clear screen policy
disposal or reuse
maintenance
removal of assets
siting and protection
supporting utilities
unattended
offices, rooms, and facilities
perimeters
protecting against external and environmental threats
working in secure areas
Preventive actions
Principles for engineering secure systems
Privacy and protection of personally identifiable information management policy
Project
commitment
high-level plan
Project Taskforce
administration department
CISO
human resources
ISM
system Admin/IT Manager
Protection, records

R

Remote access policy
Risk assessment
benefits
components
framework
scenarios
security controls
threats
tracker’s columns
vulnerability
Risk monitoring
Risk owner identification
Risk prioritization
Risk rankings
Risk treatment
acceptance
avoidance
mitigation
transfer

S

Safeguarding information
eBay
Heartland payment systems
Marriott International
Uber
Yahoo
Scope document
Scope, implementation
CISO
identification steps
team
Security continuity
implementation
information processing facilities
planning information
redundancies
verification
Security requirements
access level
encryption
secure development policy
service delivery team
session management
test data
Security risk
identification
impact ratings
Senior management support
Surveillance audit
Skimming
Social security numbers (SSN)
Software installation
operational systems
rules
Standard operating procedures (SOP)
Statement of Applicability (SOA)
section A.5 (policy documents)
section A.6 (information security roles and responsibilities)
section A.7 (Human resource security)
section A.8 (Asset management)
section A.9 (access control)
section A.10 (cryptography)
section A.11 (physical and environmental security)
section A.12 (operation security)
section A.13 (communication security)
section A.14 (System Acquisition Development and Maintenance)
section A.15 (supplier relationships)
section A.16 (information security incident management)
section A.17 (business continuity management)
section A.18 (compliance)
Strength, Weakness, Opportunity, and Threats (SWOT)
Subject matter experts (SMEs)
Supplier relationship management policy
Supplier relationships
addressing security
information and communications technology
information security policy
monitoring and review
service changes
System and application access control
password
program source code
restriction
secure log-on procedures
utility program
System security testing

T

Tabletop audit
Technical vulnerabilities management policy
Test data
Threat

U

User access management
privileged access rights
provisioning process
removal/adjustment
review
secret authentication information
user registration/de-registration process

V, W, X, Y, Z

Virtual private network (VPN)
Vulnerabilities