Unformatted text preview:

MSIS 4253 Exam 1 Focus List Spring 2018 1 System characterization items hardware software information sensitivity etc 2 Types of threats and vulnerabilities a Threats natural human made environmental b Vulnerabilities weakness in the system or the people that use it 3 Classes of security controls managerial operational technical a Managerial assessments planning acquisition program management b Operational training configuration contingency planning incident resonse maintenance physical protection c Technical access control audit and accountability identification and authentication system and communication protection 4 Common Controls a Security controls that are inheritable by one or more organizational information systems b Ex Contingency planning controls incident response controls security training and awareness controls personnel security controls physical and environmental protection controls intrusion detection controls 5 Hybrid or System specific controls a Security controls not designated as common controls b System specific controls are the primary responsibility of information system owners and their respective authorizing officials c Hybrid controls may also serve as templates for further control refinement 6 Relationships with external service providers a Services implemented outside of the authorization boundaries established by the organization for its information systems b Joint ventures business partnerships outsourcing arrangements licensing agreements supply chain exchanges 7 Scoping guidance Literally review the slide that covers scoping guidance NIST SP 80053 Chapter 3 8 Security Considerations there are many a Common control related considerations b Security objective related considerations c System component allocation related considerations d Technology related considerations e Physical infrastructure related considerations f Operations environmental related considerations g Scalability related considerations h Public access related