Index 187

ISECOM (Institute for Security and Open Methodologies), 26
ISO, 142
ISO 9000, 2
ISO/IEC 20000-1:2011, 38, 64
ISO/IEC 27005:2011, 23, 24
ITIL®, 64
IT Service Management, 38
ITU-T (Telecommunication Standardization Sector of the International Telecommunications Union), 143

K
Kerckhoffs, Auguste, 77
key management, 76

L
logging, 106
logical access control, 72
logical access management, 17
logic bomb, 19, 103, 145

M
malware, 97, 99
- protection, 57
Mandatory Access Control (MAC), 73
media handling, 67
mitigation, 33

N
National Institute of Science and Technology (NIST), 24, 142
network controls, 109
NIST (National Institute of Standards and Technology), 24, 142
non-human threats, 34
non-repudiation, 12, 75

O
one-way encryption, 82
Open Web Application Security Project (OWASP), 143
operational software, 107
owner, 64

P
Parkerian hexad, 21
password management, 23
password management system, 71
Payment Card Industry (PCI), 144
PDCA cycle, 37
PDCA model, 39
phishing, 97, 99, 102
physical security, 83
PKI (Public Key Infrastructure), 80
PMI (Project Management Institute), 24
prevention, 31
preventive action, 12
privacy, 17
Project Management Institute (PMI), 24
protection of test data, 118
protection rings, 84
Public Key Infrastructure (PKI), 80

Q
qualitative risk analysis, 28
quality, definitions, 2
quantitative risk analysis, 27

R
RBAC (Role-Based Access Control), 73
redundant site, 136
reliability, 13
repressive measures, 32
residual risk, 13
restriction of software installation, 57
RFID passes, 86
risk, 13, 22
risk analysis, 13, 26, 30
risk assessment, 14, 15, 24
risk avoidance, 35
risk bearing, 35
risk evaluation, 14
risk management, 14, 30
risk neutral, 35
robustness, 20
Role-Based Access Control (RBAC), 73
rootkit, 104, 105, 146

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen.net

188 Foundations of Information Security

S
Search for Extraterrestrial Intelligence (SETI) project, 46
secure payment transactions, 116
security controls, 29
security incident, 126
security measures, 31, 55, 128
security policies and standards, 142
security policy, 22
segregation of duties, 96
Service Level Agreement (SLA), 122
SETI (Search for Extraterrestrial Intelligence) project, 46
signaling, 90
SLA (Service Level Agreement), 122
SLE (Single Loss Expectancy), 28
social engineering, 34, 61, 102
spam, 98, 99
spyware, 97, 103, 147
stand-by arrangement, 33, 135
statutory requirements, 21
storage media, 92
Storm Worm, 147
symmetrical cryptographic system, 77
system availability, 20

T
teleworking, 58
threat, 15, 22, 23, 147
threat agent, 147
timeliness, 20
TOGAF (The Open Group Architecture Framework), 49
TQM (Total Quality Management), 2
traffic padding, 18
trojan horse (trojan), 99, 101, 147
tunneling, 57

U
uncertainty, 13
unintentional threat, 34
Uninterruptible Power Supply (UPS), 91
user access management, 70
user responsibilities, 71

V
virus, 19, 97, 99, 100, 147
VPN (Virtual Private Network), 111
vulnerability, 15, 22, 147
vulnerability of information, 2

W
worm, 97, 100, 147

Z
zero footprint, 57