Information Security Management Ch 8

To establish a framework for financial reporting

To offer a detailed technical guide for software development

To outline the principles of project management

To provide a common basis for developing organizational security standards

Data encryption

Least privilege

Separation of duties

Need to know

Auditing user access rights

Comparing organizational performance against standards

Creating new security policies

Implementing security technologies

They are outdated and not widely used

They are free and widely reviewed

They are only available to government agencies

They focus solely on technical controls

Deterrent

Compensating

Descriptive

Directive

The classification of data

The enforcement of security policies

The documentation of user activities

The process of identifying users

Data masking

Hashing

Encryption

Access control

Single sign-on

Multi-factor authentication

Role-based access

Data encryption

To ensure all users have maximum access

To limit user access to only what is necessary

To provide unrestricted access to sensitive data

To simplify user management

A planned security audit

An event that compromises the integrity of data

A routine system update

A successful user login