CISSP考试指南笔记:7.10 义务及其后果

于 2021-03-12 00:24:12 发布
阅读量145 收藏
点赞数
分类专栏: CISSP备考资料
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xuzhina/article/details/114683876
版权

In the context of security, due care means that a company did all it could have reasonably done, under the circumstances, to prevent security breaches, and also took reasonable steps to ensure that if a security breach did take place, proper controls or countermeasures were in place to mitigate the damages. In short, due care means that a company practiced common sense and prudent management and acted responsibly. Due diligence means that the company properly investigated all of its possible weaknesses and vulnerabilities.

Senior management has an obligation to protect the company from a long list of activities that can negatively affect it, including protection from malicious code, natural disasters, privacy violations, infractions of the law, and more.

The costs and benefits of security should be evaluated in monetary and nonmonetary terms to ensure that the cost of security does not outweigh the expected benefits.

there are many costs to consider when it comes to security breaches: loss of business, response activities, customer and partner notification, and detection and escalation measures.

Senior management needs to decide upon the amount of risk it is willing to take pertaining to computer and information security, and implement security in an economical and responsible manner.

Responsibility generally refers to the obligations and expected actions and behaviors of a particular party. An obligation may have a defined set of specific actions that are required, or a more general and open approach, which enables the party to decide how it will fulfill the particular obligation. Accountability refers to the ability to hold a party responsible for certain actions or inaction. To prove negligence in court, the plaintiff must establish that the defendant had a legally recognized obligation, or duty, to protect the plaintiff from unreasonable risks and that the defendant’s failure to protect the plaintiff from an unreasonable risk (breach of duty) was the proximate cause of the plaintiff’s damages.

Proximate cause is an act or omission that naturally and directly produces a consequence.

Liability Scenarios

  • Personal Information

  • Hacker Intrusion

 

剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记:7.10 义务及其后果

debugeeker
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
CISSP重点知识总结1
weixin_43500133的博客
05-01 2430
CISSP 重点知识点总结-1-安全和风险管理 安全和风险管理 第 1 章 实现安全治理的原则和策略 1.1 基本概念 机密性, 完整性, 可用性 1. 机密性 Confidentiality 确保信息在存储,使用,传输过程中不会泄漏给非授权用户或实体 相反的为: 泄漏 Disclosure 2. 完整性 Integrity 防止 非授权 篡改 防止 授权用户不恰当 修改信息 保持信息内部一致性和外部一致性 内部一致性 存储在系统里的冗余信息要保持一致 外部一致性 存储在系统里的信息和外部
CISSP认证考试指南第7版-样张
04-25
此为CISSP认证考试指南第7版的样张,有需要的朋友可以先看看,今年新出的2018年第一版
CISSP 资产安全
One_hui的博客
01-01 531
资产安全:人员、合作伙伴、设备、设施、声誉、信息等等 【信息生命周期】 一、获取 二、使用 三、存档/备份 四、处置 【信息分类】 一、分类等级 .公开 .敏感:财务信息/项目细节/利润及预测 .隐私:个人信息 .机密:商业秘密/源码 .未分类 .敏感未分类 .秘密:军队驻扎计划/战略部署 .绝密:核心技术/间谍等 二、数据准则 用途、价值、寿命、泄露可能导致的损失级别、修改或讹误可能导致的损失级...
CISSP考试指南笔记:1.19 道德
debugeeker的专栏
12-18 194
(ISC)2 requires all certified system security professionals to commit to fully supporting its Code of Ethics. Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsi
CISSP考试指南笔记:2.6 保护资产
debugeeker的专栏
12-19 173
Data Security Controls Which controls we choose to use to mitigate risks to our information depend not only on the value we assign to that information, but also on the dynamic state of that information. Data exists in one of three states: at rest, in moti
CISSP考试指南笔记:3.2 计算机架构
debugeeker的专栏
12-21 216
Computer architectureencompasses all of the parts of a computer system that are necessary for it to function, including the central processing unit, memory chips, logic circuits, storage devices, input and output devices, security components, buses, and n.
CISSP考试指南笔记:1.17 人员安全
debugeeker的专栏
12-18 182
Separation of dutiesmakes sure that one individual cannot complete a critical task by herself. Collusionmeans that at least two people are working together to cause some type of destruction or fraud. Two variations of separation of duties aresplit kno...
CISSP考试指南笔记:1.20 快速提示
debugeeker的专栏
12-18 215
The objectives of security are to provide availability, integrity, and confidentiality protection to data and resources. A vulnerability is a weakness in a system that allows a threat source to compromise its security. A threat is the possibili..
CISSP考试指南笔记:3.1 系统架构
debugeeker的专栏
12-21 130
Anarchitectureis a tool used to conceptually understand the structure and behavior of a complex entity through different views. Anarchitecture descriptionis a formal description and representation of a system, the components that make it up, the inter...
CISSP考试指南笔记:2.3 责任分层
debugeeker的专栏
12-19 174
Senior management always carries the ultimate responsibility for the organization. Executive Management The CFO and CEO are responsible for informing stakeholders (creditors, analysts, employees, management, investors) of the firm’s financial condition and
CISSP学习指南:用于2018 CISSP考试的学习材料
02-05
CISSP学习指南:用于2018 CISSP考试的学习材料
cissp-summary:我的 CISSP 考试准备学习指南
06-13
CISSP指南这是我准备 CISSP 考试的学习指南。 它涵盖了所有相关领域的基本信息。 我的目标是尽可能保持简短,省略大部分基础知识,因此必须先了解一些有关 IT 安全的知识。访问控制根据安全要求,允许/拒绝主体与...
CISSP认证考试指南2018
01-18
CISSP认证考试指南2018
CISSP考试指南
06-18
本文档是CISSP的认证考试指南,有意考取这个认证的朋友可以学习
html css js网页设计
07-12
HTML、CSS和JavaScript是构建网页和网站的基本技术,它们共同工作来创建和设计用户界面。下面是关于这三种技术的详细介绍: ### HTML (HyperText Markup Language) - **定义**:HTML是构建网页内容的标准标记语言。 - **作用**:用于创建网页的结构和内容,如段落、链接、图片、表格等。 - **语法**:使用标签(如 `<p>`, `<div>`, `<a>`, `<img>` 等)来定义网页元素。 ### CSS (Cascading Style Sheets) - **定义**:CSS是一种样式表语言,用于描述HTML文档的呈现方式。 - **作用**:用于设置网页的布局、颜色、字体和其他视觉元素。 - **语法**:通过选择器(如 `p`, `.myclass`, `#myid` 等)应用样式规则。 ### JavaScript - **定义**:JavaScript是一种脚本语言,通常用于网页上实现交互功能。 - **作用**:允许网页与用户进行交互,如响应用户操作、动态更新内容、动画效果等。 - **语法**:Java
2023年数字乡村建设解决方案PPT(34页).pptx
最新发布
07-12
数字乡村建设解决方案旨在通过数字化转型促进乡村振兴和农业农村现代化。该方案强调了数字乡村建设的战略机遇,以"1+3+5"工程为总体框架,即一个大数据中心、三大服务平台和五类主题应用。方案着重于乡村治理、产业发展和公共服务三大问题,通过完善治理体系、升级治理能力、强化产业链条和改善资源配置来推动乡村全面振兴。 方案中提出的数字乡村大数据中心是信息资源的集散地,依托大数据、AI、物联网等新技术,实现数据驱动的决策支持。三大服务平台包括产业服务、民生服务和治理服务,旨在提升农业生产智能化、经营网络化,同时优化乡村治理结构和提升服务效能。五类主题应用覆盖生产管理、流通营销、行业监管、公共服务和乡村治理,通过具体业务应用体系,实现农业全产业链的数字化管理和服务。 预期建设效益包括通过信息技术促进乡村优势产业发展,形成城郊融合型数字乡村治理新模式,以及创新服务方式,提升服务能力,保障农民权益。整体而言,该方案以数字化为手段,推动乡村经济、治理、文化等多方面的全面升级和发展。
脉冲强光技术在灭菌烧结固化应用解决方案
07-12
脉冲强光技术在灭菌烧结固化应用解决方案,已经得到厂家授权,可以对外公示。
2024年欧洲辣椒素市场主要企业市场占有率及排名.docx
07-12
2024年欧洲辣椒素市场主要企业市场占有率及排名.docx
CISSP官方教材最完备精华笔记-V1.01
08-04
"CISSP官方教材最完备精华笔记-V1.01" CISSP(Certified Information Systems Security Professional)认证是信息安全领域的权威证书,其官方教材覆盖了广泛的知识点,旨在帮助考生全面掌握安全管理和风险管理。这...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值