- The objectives of security are to provide availability, integrity, and confidentiality protection to data and resources.
- A vulnerability is a weakness in a system that allows a threat source to compromise its security.
- A threat is the possibility that someone or something would exploit a vulnerability, either intentionally or accidentally, and cause harm to an asset.
- A risk is the probability of a threat agent exploiting a vulnerability and the loss potential from that action.
- A countermeasure, also called a safeguard or control, mitigates the risk.
- A control can be administrative, technical, or physical and can provide deterrent, preventive, detective, corrective, or recovery protection.
- A compensating control is an alternative control that is put into place because of financial or business functionality reasons.
- COBIT is a framework of control objectives and allows for IT governance.
- ISO/IEC 27001 is the standard for the establishment, implementation, control, and improvement of the information security management system.
- The ISO/IEC 27000 series was derived from BS 7799 and represents international best practices on how to develop and maintain a security program.
- Enterprise architecture frameworks are used to develop architectures for specific stakeholders and present information in views.
For the remaining content, see my WeChat public account debugeeker; the link is "CISSP Exam Guide Notes: 1.20 Quick Tips".