1. Periodic meetings that brief senior management on information security strengthen an organization's commitment to and support of information security.
2. Data custodians (also called security administrators) are responsible for enforcing the access rights of individuals and applications to data; data owners are responsible for approving those rights.
3. Policies and standards are usually fairly static, whereas procedures are more likely to change as new versions of software and hardware are released.
4. A CISO should be able to understand the organization's business needs and deploy security technologies that support those needs: an organization's security must be aligned with its business requirements.
5. An organization's security architecture must incorporate stakeholders' requirements and thus advance the interests of the business.
6. Information security is not the same thing as IT security.
7. IT security is only a subset of information security.
8. IT security is driven at the chief information officer (CIO) level, while information security is driven by executive management and supported by the board of directors.
9. Only data owners can determine RPO requirements.
10. RPO (recovery point objective) is the point in time before an incident to which data must be recoverable. Any data created between that point and the time of the incident is lost and irrecoverable.
Out of 700 plus axioms
Those who attend our classes will get more: 700 plus axioms, plus handouts, plus 5 lectures of 4 hours each, plus sample Q/A; attendees can also ask questions until the day before the exam.
Best, Jutta.
mailto:jutta.staudach@gmail.com
http://elearnings.jutta-staudach.de/
Jay Ranade CISA Axioms
1. A DRP increases pre- and post-incident operational costs but reduces business impact and recovery costs. The recovery plan should nevertheless strive to reduce both RTO and recovery costs.
2. Risk assessment (RA) is usually done annually. After an RA is done, the adequacy and effectiveness of the BC plan must be evaluated as well.
3. Geographically dispersing resources and processing facilities mitigates the vulnerability to a regional disaster.
4. The best evidence of the efficacy of a DR plan in an organization is the practice of frequent tests and drills.
5. Timely availability of hardware is the primary concern for a warm site facility.
6. An application reaching the end of its life cycle can be decommissioned but not retired if its data must be retained for regulatory purposes.
7. Protection of human life is the MOST important factor in any business continuity process; it ranks above data loss and every other factor.
8. For email authenticity and confidentiality, the message must first be signed with the sender's private key (in textbook terms, its hash is encrypted with that key) and then encrypted with the recipient's public key.
9. Escorting visitors is the best preventive control for visitor access to a data center.
10. The most common problem with an IDS is false positives (the IDS flags events that are not actually security problems).
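The sign-then-encrypt order in axiom 8 above, carried through as an added worked example in Go using only the standard library (this is not code from the page or from Jay Ranade's course material). The assumptions are mine: RSA-PSS over a SHA-256 digest for the signature, a one-time AES-256-GCM key for the body because RSA cannot encrypt an arbitrary-length message directly, RSA-OAEP to wrap that key to the recipient, and JSON as the envelope format. The function and type names (SealMail, OpenMail, SealedMail) are hypothetical, and the keys and message are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// signedEnvelope is what gets encrypted: the message plus the sender's signature
// over it. Signing first means the signature itself is hidden from anyone who cannot decrypt.
type signedEnvelope struct {
	Message   []byte
	Signature []byte
}

// SealedMail is what travels over the wire (field layout is this example's own).
type SealedMail struct {
	WrappedKey []byte // one-time AES key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM ciphertext of the JSON-encoded signedEnvelope
}

// SealMail follows the axiom's order: sign with the sender's private key, then
// encrypt to the recipient's public key (hybrid: AES-GCM body, RSA-OAEP wrapped key).
func SealMail(msg []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*SealedMail, error) {
	// Step 1 (authenticity): sign the SHA-256 digest of the message with RSA-PSS.
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, fmt.Errorf("sign: %w", err)
	}
	env, _ := json.Marshal(signedEnvelope{Message: msg, Signature: sig})

	// Step 2 (confidentiality): encrypt the signed envelope under a fresh one-time key.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, env, nil)

	// Step 3: wrap the one-time key so only the recipient's private key can unwrap it.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, fmt.Errorf("wrap key: %w", err)
	}
	return &SealedMail{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// OpenMail reverses the order: decrypt with the recipient's private key, then verify
// with the sender's public key. Tampering fails at GCM's tag check; a message signed
// by anyone other than the claimed sender fails at signature verification.
func OpenMail(m *SealedMail, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, m.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap key: %w", err)
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	envBytes, err := gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	var env signedEnvelope
	if err := json.Unmarshal(envBytes, &env); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(env.Message)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("verify: %w", err)
	}
	return env.Message, nil
}

func main() {
	// Constructed demo keys and message; in practice keys come from a PKI or key ring.
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	sealed, err := SealMail([]byte("Wire the funds by Friday."), alice, &bob.PublicKey)
	if err != nil {
		panic(err)
	}
	msg, err := OpenMail(sealed, bob, &alice.PublicKey)
	fmt.Printf("recovered: %q, err: %v\n", msg, err)
}
```

Two checks worth running against this: opening the mail with a third party's public key as the supposed sender must fail at the signature step even though decryption succeeded, and opening it with the wrong private key must fail before any signature work. One caveat the axiom does not mention: because the signature covers only the message, the recipient can re-encrypt the still-valid signed envelope to someone else (surreptitious forwarding); production formats bind the intended recipient into the signed data as well.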