Security and Risk Management

-
Fundamental Principles of Security
    1.     Availability
    2.     Integrity
    3.     Confidentiality
    4.     Balanced Security
      Security Definitions
      Control Types
      Security Frameworks
        1.     ISO/IEC 27000 Series
        2.     Enterprise Architecture Development
        3.     Security Controls Development
        4.     Process Management Development
        5.     Functionality vs. Security
          The Crux of Computer Crime Laws
          Complexities in Cybercrime
            1.     Electronic Assets
            2.     The Evolution of Attacks
            3.     International Issues
            4.     Types of Legal Systems
              Intellectual Property Laws
                1.     Trade Secret
                2.     Copyright
                3.     Trademark
                4.     Patent
                5.     Internal Protection of Intellectual Property
                6.     Software Piracy
                  Privacy
                    1.     The Increasing Need for Privacy Laws
                    2.     Laws, Directives and Regulations
                    3.     Employee Privacy Issues
                      Data Breaches
                        1.     U.S. Laws Pertaining to Data Breaches
                        2.     Other Nations' Laws Pertaining to Data Breaches
                          Policies, Standards, Baselines, Guidelines, and Procedures
                            1.     Security Policy
                            2.     Standards
                            3.     Guidelines
                            4.     Procedures
                            5.     Implementation
                              Risk Management
                                1.     Holistic Risk Management
                                2.     Information Systems Risk Management Policy
                                3.     The Risk Management Team
                                4.     The Risk Management Process
                                  Threat Modeling
                                    1.     Vulnerabilities
                                    2.     Threats
                                    3.     Attacks
                                    4.     Reduction Analysis
                                      Risk Assessment and Analysis
                                        1.     Risk Analysis Team
                                        2.     The Value of Information and Assets
                                        3.     Costs That Make Up the Value
                                        4.     Identifying Vulnerabilities and Threats
                                        5.     Methodologies for Risk Assessment
                                        6.     Risk Analysis Approaches
                                        7.     Risk Analysis Approaches
                                        8.     Qualitative Risk Analysis
                                        9.     Protection Mechanisms
                                        10.     Putting it Together
                                        11.     Total Risk vs. Residual Risk
                                        12.     Handling Risk
                                        13.     Outsourcing
                                          Business Continuity and Disaster Recovery
                                            1.     Standards and Best Practices
                                            2.     Making BCM Part of the Enterprise Security Program
                                            3.     BCP Project Components
                                              Personnel Security
                                                1.     Hiring Practices
                                                2.     Termination
                                                3.     Security-Awareness Training
                                                4.     Degree or Certification
                                                  Security Governance
                                                    1.     Metrics
                                                      Ethics
                                                        1.     The Computer Ethics Institute
                                                        2.     The Internet Architecture Board
                                                        3.     Corporate Ethics Programs

                                                        Comments

                                                        Post a Comment

                                                        Popular posts from this blog

                                                        OIM 11g R2 PS2 : SOA Approval Workflow Sample

                                                        -
                                                        Image
                                                        In this post I am posting the sample code for a sample SOA approval workflow. Some of the features that this workflow addresses are Approval to Manager or Role Owners is dynamic based on the custom OIM system property "approval-condition". Value is set either "AND" or "OR". Manager or Role Owner can be set to be notified only with no approval required. In this case only email is sent to notify them but no approval is required from them. Custom OIM system property are created to address this.   manager-notify-only = TRUE or FALSE  TRUE = only notify the manager no approval request sent. FALSE = notify the manager and send an approval request.   roleowner-notify-only = TRUE or FALSE  TRUE = only notify the role owner no approval request sent. FALSE = notify the role owner and send an approval request. Third Level System Notification was required but it should be dynamic.  Custom OIM system property are created to address this sysadmin-noti
                                                        Read more

                                                        Oracle Identity Manager (OIM) Interview Questions

                                                        -
                                                        This is my 100th post on my blog and in this post, I will list down interview questions on OIM. This post will always be work in progress as I keep appending this list with more and more questions. Please find the list of questions below :-) What are the new features in PS3 ? What are the differences between PS2 and PS3 ? How do you identify rogue account creation in target system ? What is the high level architecture of OIM 11g ? List out difference between OIM 9.1 and 11g and possibly 11gR2 What are the new features in 11gR2 PS2 , PS3 How do you save multi-valued attribute in process form and how the linking happens between process form & child form ,   1 child form per multi valued attribute Can we still use entity adapters in OIM 11g What is pluginservice in oim 11g/  What is the orchestration service in oim 11g. what is the difference between entity match found  and process match found ? what are service accounts in oim ? why remote manager is used ? What is a c
                                                        Read more

                                                        OHS 12c (12.1.3) webgate deployment and configuration

                                                        -
                                                        In this post, I will cover the deployment and configuration of webgate 12c webgate. OHS 12c comes pre-bundled with a webgate so we don't have to separately download and install any webgate. If you have installed OHS then you have a webgate which you can configure to protect OHS. Also there is no gui screens involved as all configurations are done via command line tools. In the previous post i covered installation and configuration of OHS 12c. This post builds on top of that. Step 1 deploy webgate ./deployWebGateInstance.sh -w /OHS_12c_WEBSERVER_HOME/webserver/instances/instance1/config/fmwconfig/components/OHS/ohs1 -oh /OHS_12c_MW_HOME/ Copying files from WebGate Oracle Home to WebGate Instancedir Step 2 Config webgate export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/OHS_12c_MW_HOME/lib cd /OHS_12c_MW_HOME/webgate/ohs/tools/setup/InstallTools/ ./EditHttpConf -w /OHS_12c_WEBSERVER_HOME/webserver/instances/instance1/config/fmwconfig/components/OHS/ohs1 -oh /OHS_12c_MW_HO
                                                        Read more