O-K-State MSIS 4253 - MSIS 4253, (SP18), Exam 1 Focus list (1) (4 pages)
- Pages: 4
- School: Oklahoma State University
- Course: MSIS 4253 - Sys Cert and Accred
MSIS 4253 Exam 1 Focus List, Spring 2018

1. System characterization items: hardware, software, information sensitivity, etc.
2. Types of threats and vulnerabilities
   a. Threats: natural, human-made, environmental
   b. Vulnerabilities: weakness in the system or the people that use it
3. Classes of security controls: managerial, operational, technical
   a. Managerial: assessments, planning, acquisition, program management
   b. Operational: training, configuration, contingency planning, incident response, maintenance, physical protection
   c. Technical: access control, audit and accountability, identification and authentication, system and communication protection
4. Common controls
   a. Security controls that are inheritable by one or more organizational information systems
   b. Ex.: contingency planning controls, incident response controls, security training and awareness controls, personnel security controls, physical and environmental protection controls, intrusion detection controls
5. Hybrid or system-specific controls
   a. Security controls not designated as common controls
   b. System-specific controls are the primary responsibility of information system owners and their respective authorizing officials
   c. Hybrid controls may also serve as templates for further control refinement
6. Relationships with external service providers
   a. Services implemented outside of the authorization boundaries established by the organization for its information systems
   b. Joint ventures, business partnerships, outsourcing arrangements, licensing agreements, supply chain exchanges
7. Scoping guidance: literally review the slide that covers scoping guidance (NIST SP 800-53, Chapter 3)
8. Security considerations (there are many)
   a. Common control-related considerations
   b. Security objective-related considerations
   c. System component allocation-related considerations
   d. Technology-related considerations
   e. Physical infrastructure-related considerations
   f. Operations/environmental-related considerations
   g. Scalability-related considerations
   h. Public access related