Security and Risk Management

-
Fundamental Principles of Security
    1.     Availability
    2.     Integrity
    3.     Confidentiality
    4.     Balanced Security
      Security Definitions
      Control Types
      Security Frameworks
        1.     ISO/IEC 27000 Series
        2.     Enterprise Architecture Development
        3.     Security Controls Development
        4.     Process Management Development
        5.     Functionality vs. Security
          The Crux of Computer Crime Laws
          Complexities in Cybercrime
            1.     Electronic Assets
            2.     The Evolution of Attacks
            3.     International Issues
            4.     Types of Legal Systems
              Intellectual Property Laws
                1.     Trade Secret
                2.     Copyright
                3.     Trademark
                4.     Patent
                5.     Internal Protection of Intellectual Property
                6.     Software Piracy
                  Privacy
                    1.     The Increasing Need for Privacy Laws
                    2.     Laws, Directives and Regulations
                    3.     Employee Privacy Issues
                      Data Breaches
                        1.     U.S. Laws Pertaining to Data Breaches
                        2.     Other Nations' Laws Pertaining to Data Breaches
                          Policies, Standards, Baselines, Guidelines, and Procedures
                            1.     Security Policy
                            2.     Standards
                            3.     Guidelines
                            4.     Procedures
                            5.     Implementation
                              Risk Management
                                1.     Holistic Risk Management
                                2.     Information Systems Risk Management Policy
                                3.     The Risk Management Team
                                4.     The Risk Management Process
                                  Threat Modeling
                                    1.     Vulnerabilities
                                    2.     Threats
                                    3.     Attacks
                                    4.     Reduction Analysis
                                      Risk Assessment and Analysis
                                        1.     Risk Analysis Team
                                        2.     The Value of Information and Assets
                                        3.     Costs That Make Up the Value
                                        4.     Identifying Vulnerabilities and Threats
                                        5.     Methodologies for Risk Assessment
                                        6.     Risk Analysis Approaches
                                        7.     Risk Analysis Approaches
                                        8.     Qualitative Risk Analysis
                                        9.     Protection Mechanisms
                                        10.     Putting it Together
                                        11.     Total Risk vs. Residual Risk
                                        12.     Handling Risk
                                        13.     Outsourcing
                                          Business Continuity and Disaster Recovery
                                            1.     Standards and Best Practices
                                            2.     Making BCM Part of the Enterprise Security Program
                                            3.     BCP Project Components
                                              Personnel Security
                                                1.     Hiring Practices
                                                2.     Termination
                                                3.     Security-Awareness Training
                                                4.     Degree or Certification
                                                  Security Governance
                                                    1.     Metrics
                                                      Ethics
                                                        1.     The Computer Ethics Institute
                                                        2.     The Internet Architecture Board
                                                        3.     Corporate Ethics Programs

                                                        Comments

                                                        Post a Comment

                                                        Popular posts from this blog

                                                        OIM 11g Custom ADF Application Development

                                                        -
                                                        Image
                                                        In this post , I will cover the steps required to create a custom ADF web application. What this application does is facilitate Account Claim Process. Users has been migrated from some other IAM product to OIM and exist in disabled state and hence cannot login to perform Self Service operations. User needs to identify themselves by providing their personal details like personal identification number, zip code and dob etc. After successfully Identifying themselves they will be able to set a new password and set their challenge questions and answers. During this process the application will activate their account and set the new password and QnA. At the end of the process, they will be able to login OIM with their new password set. The application has been developed using JDeveloper using ADF technology to render user interfaces and MVC design pattern to keep the concerns separate. Application Structure                                                                                  
                                                        Read more

                                                        Oracle Identity Manager (OIM) Interview Questions

                                                        -
                                                        This is my 100th post on my blog and in this post, I will list down interview questions on OIM. This post will always be work in progress as I keep appending this list with more and more questions. Please find the list of questions below :-) What are the new features in PS3 ? What are the differences between PS2 and PS3 ? How do you identify rogue account creation in target system ? What is the high level architecture of OIM 11g ? List out difference between OIM 9.1 and 11g and possibly 11gR2 What are the new features in 11gR2 PS2 , PS3 How do you save multi-valued attribute in process form and how the linking happens between process form & child form ,   1 child form per multi valued attribute Can we still use entity adapters in OIM 11g What is pluginservice in oim 11g/  What is the orchestration service in oim 11g. what is the difference between entity match found  and process match found ? what are service accounts in oim ? why remote manager is used ? What is a c
                                                        Read more

                                                        OIM 11g R2 PS2 : SOA Approval Workflow Sample

                                                        -
                                                        Image
                                                        In this post I am posting the sample code for a sample SOA approval workflow. Some of the features that this workflow addresses are Approval to Manager or Role Owners is dynamic based on the custom OIM system property "approval-condition". Value is set either "AND" or "OR". Manager or Role Owner can be set to be notified only with no approval required. In this case only email is sent to notify them but no approval is required from them. Custom OIM system property are created to address this.   manager-notify-only = TRUE or FALSE  TRUE = only notify the manager no approval request sent. FALSE = notify the manager and send an approval request.   roleowner-notify-only = TRUE or FALSE  TRUE = only notify the role owner no approval request sent. FALSE = notify the role owner and send an approval request. Third Level System Notification was required but it should be dynamic.  Custom OIM system property are created to address this sysadmin-noti
                                                        Read more