230 In-Depth Information assurance Questions for Professionals

What is involved in Information assurance

Find out what the related areas are that Information assurance connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in that it is not per se designed to give answers, but to engage the reader and lay out an Information assurance thinking-frame.

How far is your company on its Information assurance journey?

Take this short survey to gauge your organization’s progress toward Information assurance leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.

To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.

Start the Checklist

Below you will find a quick checklist designed to help you think about which Information assurance related domains to cover and 230 essential critical questions to check off in that domain.

The following domains are covered:

Information assurance, Anti-virus software, Business continuity, Business continuity planning, Computer emergency response team, Computer science, Corporate governance, Data at rest, Data in transit, Disaster recovery, Factor Analysis of Information Risk, Fair information practice, Forensic science, ISO/IEC 27001, ISO/IEC 27002, ISO 17799, ISO 9001, IT risk, Information Assurance Advisory Council, Information Assurance Collaboration Group, Information Assurance Vulnerability Alert, Information security, Management science, McCumber cube, Mission assurance, PCI DSS, Regulatory compliance, Risk IT, Risk Management Plan, Risk assessment, Risk management, Security controls, Security engineering, Systems engineering:

Information assurance Critical Criteria:

Categorize Information assurance adoptions and revise understanding of Information assurance architectures.

– Is Information assurance dependent on the successful delivery of a current project?

– What are internal and external Information assurance relations?

– Is an Information assurance team work effort in place?

Anti-virus software Critical Criteria:

Mine Anti-virus software engagements and balance specific methods for improving Anti-virus software results.

– Does each mobile computer with direct connectivity to the internet have a personal firewall and anti-virus software installed?

– What role does communication play in the success or failure of an Information assurance project?

– Is anti-virus software installed on all computers/servers that connect to your network?

– When an Information assurance manager recognizes a problem, what options are available?

– Are we making progress? And are we making progress as Information assurance leaders?

– Is the anti-virus software package updated regularly?

Business continuity Critical Criteria:

Interpolate Business continuity visions and find the ideas you already have.

– Who will be responsible for leading the various BCP teams (e.g., crisis/emergency, recovery, technology, communications, facilities, Human Resources, business units and processes, Customer Service)?

– We should have adequate and well-tested disaster recovery and business resumption plans for all major systems and have remote facilities to limit the effect of disruptive events. Do we comply?

– Has the organization established an enterprise-wide business continuity/disaster recovery program that is consistent with requirements, policy, and applicable guidelines?

– Do you have a written business continuity/disaster recovery plan that includes procedures to be followed in the event of a disruptive computer incident?

– Does our business continuity and/or disaster recovery plan (BCP/DRP) address the timely recovery of its IT functions in the event of a disaster?

– Do the response plans address damage assessment, site restoration, payroll, Human Resources, information technology, and administrative support?

– Does our business continuity and/or disaster recovery plan (BCP/DRP) address the timely recovery of our IT functions in the event of a disaster?

– What programs/projects/departments/groups have some or all responsibility for business continuity/Risk Management/organizational resilience?

– Will Information assurance have an impact on current business continuity, disaster recovery processes and/or infrastructure?

– Which data center management activity involves eliminating single points of failure to ensure business continuity?

– What is the role of digital document management in business continuity planning management?

– What is the source of the strategies for Information assurance strengthening and reform?

– Does increasing our company's footprint add to the challenge of business continuity?

– How does our business continuity plan differ from a disaster recovery plan?

– Is the crisis management team comprised of members from Human Resources?

– Has business continuity thinking and planning become too formulaic?

– Has business continuity been considered for this eventuality?

– Do you have any DR/business continuity plans in place?

Business continuity planning Critical Criteria:

Nurse Business continuity planning engagements and don’t overlook the obvious.

– Consider your own Information assurance project. What types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?

– What tools and technologies are needed for a custom Information assurance project?

– What is business continuity planning and why is it important?

– Does Information assurance appropriately measure and monitor risk?

Computer emergency response team Critical Criteria:

Investigate Computer emergency response team strategies and probe Computer emergency response team strategic alliances.

– Do you monitor security alerts and advisories from your system vendors, Computer Emergency Response Team (CERT) and other sources, taking appropriate and responsive actions?

– How likely is the current Information assurance plan to come in on schedule or on budget?

– Who will be responsible for documenting the Information assurance requirements in detail?

Computer science Critical Criteria:

Match Computer science decisions and customize techniques for implementing Computer science controls.

– Does Information assurance systematically track and analyze outcomes for accountability and quality improvement?

– How do we identify specific Information assurance investment and emerging trends?

Corporate governance Critical Criteria:

Dissect Corporate governance leadership and check on ways to get started with Corporate governance.

– How do we ensure that implementations of Information assurance products are done in a way that ensures safety?

– What prevents me from making the changes I know will make me a more effective Information assurance leader?

– In what ways are Information assurance vendors and us interacting to ensure safe and effective use?

Data at rest Critical Criteria:

Model after Data at rest visions and inform on and uncover unspoken needs and breakthrough Data at rest results.

– Who needs to know about Information assurance?

Data in transit Critical Criteria:

Match Data in transit leadership and finalize specific methods for Data in transit acceptance.

– What are your key performance measures or indicators and in-process measures for the control and improvement of your Information assurance processes?

– Why is it important to have senior management support for an Information assurance project?

– What about Information assurance Analysis of results?

Disaster recovery Critical Criteria:

Accommodate Disaster recovery engagements and don’t overlook the obvious.

– The goal of a disaster recovery plan is to minimize the costs resulting from losses of, or damages to, the resources or capabilities of your IT facilities. The success of any disaster recovery plan depends a great deal on being able to determine the risks associated with data loss. What is the impact to our business if the data is lost?

– Has your organization ever had to invoke its disaster recovery plan which included the CRM solution and, if so, was the recovery time objective met, and how long did it take to return to your primary solution?

– Has specific responsibility been assigned for the execution of business continuity and disaster recovery plans (either within or outside of the information security function)?

– Is there an individual or team responsible to routinely ensure the alternate processing facility has the necessary hardware, supplies, and documentation to resume processing?

– Has Management reviewed the adequacy of recovery team coverage for the Disaster Recovery and Business Continuation plan and the frequency of such reviews?

– How do you intend to fund the reopening: from existing business sources, your own resources, other investors, banks, lenders, or a mix?

– What is your insurance agent telling you about your policy and what will be covered and what won't be covered?

– Have you incorporated lessons from running your business prior to the disaster into your recovery plan?

– How will you know that the Information assurance project has been successful?

– Are there policies in place to address post-disaster redevelopment?

– How many times have we invoked our BC plans in the past five years?

– How often do you fully test your disaster recovery capabilities?

– Is cross cloud deployment really necessary?

– What was the condition of the business pre-disaster?

– How many data center sites do you have?

– What is the scope of BC plans?

– Are all licenses up to date?

– What is disaster recovery?

Factor Analysis of Information Risk Critical Criteria:

Adapt Factor Analysis of Information Risk leadership and report on developing an effective Factor Analysis of Information Risk strategy.

– Think about the people you identified for your Information assurance project and the project responsibilities you would assign to them. What kind of training do you think they would need to perform these responsibilities effectively?

– Is there an Information assurance communication plan covering who needs to get what information when?

– What new services or functionality will be implemented next with Information assurance?

Fair information practice Critical Criteria:

Discourse Fair information practice adoptions and explain and analyze the challenges of Fair information practice.

– What are the usability implications of Information assurance actions?

– Which Information assurance goals are the most important?

Forensic science Critical Criteria:

Study Forensic science quality and drive action.

– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these Information assurance processes?

– What are current Information assurance Paradigms?

ISO/IEC 27001 Critical Criteria:

Define ISO/IEC 27001 tasks and work towards being a leading ISO/IEC 27001 expert.

– How can we incorporate support to ensure safe and effective use of Information assurance into the services that we provide?

– How do mission and objectives affect the Information assurance processes of our organization?

– What are the barriers to increased Information assurance production?

ISO/IEC 27002 Critical Criteria:

Discuss ISO/IEC 27002 visions and oversee ISO/IEC 27002 management by competencies.

– Do you monitor the effectiveness of your Information assurance activities?

– Why should we adopt an Information assurance framework?

ISO 17799 Critical Criteria:

Accommodate ISO 17799 management and point out improvements in ISO 17799.

– What tools do you use once you have decided on an Information assurance strategy, and more importantly, how do you choose?

– Does our organization need more Information assurance education?

ISO 9001 Critical Criteria:

Focus on ISO 9001 tasks and give examples utilizing a core of simple ISO 9001 skills.

– Does a supplier having an ISO 9001 or AS9100 certification automatically satisfy this requirement?

– Are there recognized Information assurance problems?

IT risk Critical Criteria:

Jump start IT risk projects and visualize why should people listen to you regarding IT risk.

– What impact has emerging technology (e.g., cloud computing, virtualization and mobile computing) had on your company's ITRM program over the past 12 months?

– To what extent is the company's common control library utilized in implementing or re-engineering processes to align risk with control?

– By what percentage do you estimate your company's financial investment in ITRM activities will change in the next 12 months?

– Does your company have a formal information and technology risk framework and assessment process in place?

– Risk Categories: What are the main categories of risks that should be addressed on this project?

– Does Senior Management take action to address IT risk indicators identified and reported?

– Risk factors: what are the characteristics of Information assurance that make it risky?

– Does your company have a formal IT risk framework and assessment process in place?

– How does your company report on its information and technology risk assessment?

– Who performs your company's information and technology risk assessments?

– How often are information and technology risk assessments performed?

– How will investment in ITRM be distributed in the next 12 months?

– How important is the system to the user organization's mission?

– What is the purpose of the system in relation to the mission?

– Does your company have a formal ITRM function?

– How much should a company invest in security?

– Risk communication: what to communicate?

– How do you demonstrate due care?

– What could go wrong?

– Who are valid users?

Information Assurance Advisory Council Critical Criteria:

Discuss Information Assurance Advisory Council engagements and optimize Information Assurance Advisory Council leadership as a key to advancement.

– Which customers can't participate in our Information assurance domain because they lack skills, wealth, or convenient access to existing solutions?

– What are the success criteria that will indicate that Information assurance objectives have been met and the benefits delivered?

Information Assurance Collaboration Group Critical Criteria:

Differentiate Information Assurance Collaboration Group leadership and overcome Information Assurance Collaboration Group skills and management ineffectiveness.

– Are accountability and ownership for Information assurance clearly defined?

– What are the business goals Information assurance is aiming to achieve?

Information Assurance Vulnerability Alert Critical Criteria:

Jump start Information Assurance Vulnerability Alert tasks and create a map for yourself.

– What are our Information assurance Processes?

Information security Critical Criteria:

Coach on Information security governance and maintain Information security for success.

– Is the software and application development process based on an industry best practice, and is information security included throughout the software development life cycle (SDLC) process?

– Are information security policies, including policies for access control, application and system development, operational, network and physical security, formally documented?

– Do we maintain our own threat catalogue on the corporate intranet to remind employees of the wide range of issues of concern to Information Security and the business?

– Is there an information security policy to provide management direction and support for information security in accordance with business requirements, relevant laws and regulations?

– Are information security policies and other relevant security information disseminated to all system users (including vendors, contractors, and business partners)?

– Does the ISMS policy provide a framework for setting objectives and establish an overall sense of direction and principles for action with regard to information security?

– Is management able to determine whether security activities delegated to people or implemented by information security are performing as expected?

– Do we have an official information security architecture, based on our Risk Management analysis and information security strategy?

– Do suitable policies for the information security exist for all critical assets of the value added chain (degree of completeness)?

– Are we requesting exemption from or modification to established information security policies or standards?

– Have standards for information security across all entities been established or codified into regulations?

– Does your organization have a chief information security officer (CISO or equivalent title)?

– Does your company have an information security officer?

– What is the main driver for information security expenditure?

– What is information security?

Management science Critical Criteria:

Accommodate Management science governance and get the big picture.

– How can you negotiate Information assurance successfully with a stubborn boss, an irate client, or a deceitful coworker?

– How do we Improve Information assurance service perception, and satisfaction?

– What business benefits will Information assurance goals deliver if achieved?

McCumber cube Critical Criteria:

Test McCumber cube issues and display thorough understanding of the McCumber cube process.

– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of an Information assurance process. Ask yourself: are the records needed as inputs to the Information assurance process available?

– What are the top 3 things at the forefront of our Information assurance agendas for the next 3 years?

– What are our needs in relation to Information assurance skills, labor, equipment, and markets?

Mission assurance Critical Criteria:

Air ideas re Mission assurance issues and integrate design thinking in Mission assurance innovation.

– Do those selected for the Information assurance team have a good general understanding of what Information assurance is all about?

– Is Information assurance Required?

PCI DSS Critical Criteria:

Have a round table over PCI DSS tasks and point out PCI DSS tensions in leadership.

– What may be the consequences for the performance of an organization if all stakeholders are not consulted regarding Information assurance?

– Can Management personnel recognize the monetary benefit of Information assurance?

Regulatory compliance Critical Criteria:

Pilot Regulatory compliance governance and grade techniques for implementing Regulatory compliance controls.

– Does Information assurance include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?

– Do we cover the five essential competencies (Communication, Collaboration, Innovation, Adaptability, and Leadership) that improve an organization's ability to leverage the new Information assurance in a volatile global economy?

– What other organizational variables, such as reward systems or communication systems, affect the performance of this Information assurance process?

– In the case of public clouds, will the hosting service provider meet their regulatory compliance requirements?

– Regulatory compliance: Is the cloud vendor willing to undergo external audits and/or security certifications?

– What is Regulatory Compliance?

Risk IT Critical Criteria:

Co-operate on Risk IT tasks and report on the economics of relationships managing Risk IT and constraints.

– Risk Probability and Impact: How will the probabilities and impacts of risk items be assessed?

– Is the scope of Information assurance defined?

Risk Management Plan Critical Criteria:

Concentrate on Risk Management Plan adoptions and inform on and uncover unspoken needs and breakthrough Risk Management Plan results.

– What are your results for key measures or indicators of the accomplishment of your Information assurance strategy and action plans, including building and strengthening core competencies?

– Have you fully developed a Risk Management plan for any outsourcing agreement from inception to termination – for whatever reason?

– Has identifying and assessing security and privacy risks been incorporated into the overall Risk Management planning?

– Has the risk management plan been significantly changed since last year's version?

– Has the Risk Management Plan been significantly changed since last year?

– What can we expect from project Risk Management plans?

Risk assessment Critical Criteria:

Bootstrap Risk assessment risks and find the ideas you already have.

– Have the IT security costs for any investment/project been integrated into the overall cost, including C&A/re-accreditation, system security plan, risk assessment, privacy impact assessment, configuration/patch management, security control testing and evaluation, and contingency planning/testing?

– Are interdependent service providers (for example, fuel suppliers, telecommunications providers, meter data processors) included in risk assessments?

– Does the risk assessment approach help to develop the criteria for accepting risks and identify the acceptable level of risk?

– Are standards for risk assessment methodology established, so risk information can be compared across entities?

– What core IT system are you using? Does it have an ERM or risk assessment module; and if so, have you used it?

– With risk assessments, do we measure whether there is an impact to technical performance, and to what level?

– Does the process include a BIA, risk assessments, Risk Management, and risk monitoring and testing?

– What operating practices represent major roadblocks to success or require careful risk assessment?

– Is the priority of the preventive action determined based on the results of the risk assessment?

– Do you use any homegrown IT system for ERM or risk assessments?

– Are regular risk assessments executed across all entities?

– Do you use any homegrown IT system for risk assessments?

– How can the value of Information assurance be defined?

– Are risk assessments at planned intervals reviewed?

Risk management Critical Criteria:

Demonstrate Risk management planning and oversee Risk management management by competencies.

– Will our actions, process, program or procedure prevent access to necessary records or result in changes to data in them?

– How can senior executive teams strengthen Risk Management in a way that is both strategic and value-adding?

– What happens if any application, program, or website is not available to those who need the information?

– What has been the board's contribution to ensuring robust and effective Risk Management?

– People risk: Are people with appropriate skills available to help complete the project?

– Do you have a baseline configuration of IT/ICS that is used and regularly maintained?

– Who's in charge of inactivating user names and passwords as personnel changes occur?

– Has your Cybersecurity plan been reviewed in the last year and updated as needed?

– What are the most important benefits of effective organizational Risk Management?

– Do you have a defined operating model with dedicated resources for IT risk?

– Does senior leadership have access to Cybersecurity risk information?

– Are executives and legislators sufficiently informed of risk?

– Who serves on our Risk Management committee?

– What threat is this space addressing?

– Is there a Cybersecurity budget?

– How often are locks changed?

– How many different rules are there?

– Risk mitigation: how far?

Security controls Critical Criteria:

Pilot Security controls goals and achieve a single Security controls view and bringing data together.

– Are there multiple physical security controls (such as badges, escorts, or mantraps) in place that would prevent unauthorized individuals from gaining access to the facility?

– Does the cloud service agreement make its responsibilities clear and require specific security controls to be applied to the application?

– Are regular reviews of the effectiveness of the ISMS (including meeting of ISMS policy and objectives and review of security controls) undertaken?

– Do the security controls encompass not only the cloud services themselves, but also the management interfaces offered to customers?

– Can the cloud service provider demonstrate appropriate security controls applied to their physical infrastructure and facilities?

– Do we have policies and methodologies in place to ensure the appropriate security controls for each application?

– Is the measuring of the effectiveness of the selected security controls or group of controls defined?

– Does the cloud service provider have necessary security controls on their human resources?

– Do we have sufficient processes in place to enforce security controls and standards?

– Have vendors documented and independently verified their Cybersecurity controls?

– Is Information assurance Realistic, or are you setting yourself up for failure?

– How important is Information assurance to the user organization's mission?

– What are the known security controls?

Security engineering Critical Criteria:

Survey Security engineering decisions and get going.

– Do we aggressively reward and promote the people who have the biggest impact on creating excellent Information assurance services/products?

– How will you measure your Information assurance effectiveness?

Systems engineering Critical Criteria:

Inquire about Systems engineering risks and summarize a clear Systems engineering focus.

– If we can describe engineered systems in a way analogous to natural systems (global complexity emerging from local simplicity, for example), can we identify the parameters which obey the kind of power-law relationship we find in natural systems?

– Regarding the way the system is formed and operates and the scale of interest; e.g., are we interested in complexity at the level of atoms or of cells or of organs?

– To apply complexity theory to engineered systems that we have not yet designed, can we predict these features within acceptable accuracy ranges?

– What happens if new needs (or more likely new requirements) are identified after the final needs or requirements have been developed?

– What approach will permit us to deal with the kind of unpredictable emergent behaviors that dynamic complexity can introduce?

– How will we know when our design effort has produced a solution which will satisfy the objectives within the constraints?

– Does the project require agreements related to organizational data sharing that haven't yet been created?

– How to manage the complexity to permit us to answer questions, such as: when have we done enough?

– Who is the main stakeholder, with ultimate responsibility for driving Information assurance forward?

– Do we have confidence in the reliability and robustness of the systems we design?

– What is the detailed set of functions and properties of a given interface?

– Is systems engineering the solution to all of our systems problems?

– What kind of support for requirements management will be needed?

– Has the organization developed a plan for continuous improvement?

– Does the requirement have a verification method assigned?

– Who will use the systems engineering plan (SEP)?

– What parts are connected to each other?

– Is this the right business case?

– Where are we today?

– What is a system?

Conclusion:

This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the Information assurance Self Assessment:

https://store.theartofservice.com/Information-assurance-Second-Edition/

Author: Gerard Blokdijk

CEO at The Art of Service | http://theartofservice.com

gerard.blokdijk@theartofservice.com

https://www.linkedin.com/in/gerardblokdijk

Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.

External links:

To address the criteria in this checklist, these selected resources are provided for sources of further research and information:

Information assurance External links:

Information Assurance Training Center
https://ia.signal.army.mil

Job Title: INFORMATION ASSURANCE SPECIALIST
http://ausgar.com/job-57.aspx

[PDF]Information Assurance Workforce Improvement Program
http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/857001m.pdf

Anti-virus software External links:

ST04-005: Understanding Anti-Virus Software – US-CERT
https://www.us-cert.gov/ncas/tips/ST04-005

Your anti-virus software is not enough | Popular Science
https://www.popsci.com/antivirus-software-protect-your-computer

Business continuity External links:

What is business continuity? | The BCI
http://thebci.org/index.php/resources/what-is-business-continuity

Business continuity planning External links:

Business Continuity Planning – Northwestern University
http://www.northwestern.edu/bcp

Business Continuity Planning Suite | Ready.gov
https://www.ready.gov/business-continuity-planning-suite

Online Business Continuity Planning – Wells Fargo …
https://www.wellsfargo.com/com/ceo/business-continuity

Computer emergency response team External links:

Ghana Computer Emergency Response Team | Services
https://www.cert-gh.org/services

Tz Cert – Tanzania Computer Emergency Response Team
https://www.tzcert.go.tz

Computer science External links:

College of Engineering and Computer Science – CECS
https://umdearborn.edu/cecs

Computer Science Curriculum for Grades K-5 | Code.org
https://code.org/student/elementary

Learn | Computer Science Education Week
https://csedweek.org/learn

Corporate governance External links:

Sprint Corporation – Corporate Governance
http://investors.sprint.com/corporate-governance/default.aspx

Morgan Stanley Corporate Governance
https://www.morganstanley.com/about-us-governance

Regions Financial Corporation – Corporate Governance
http://ir.regions.com/governance.cfm

Data at rest External links:

Data in motion vs. data at rest | Internap
https://www.internap.com/2013/06/20/data-in-motion-vs-data-at-rest

What is data at rest? – Definition from WhatIs.com
http://searchstorage.techtarget.com/definition/data-at-rest

[PDF]EMC VNX2: Data at Rest Encryption
https://www.emc.com/collateral/white-paper/h13296-dare-wp.pdf

Data in transit External links:

Encrypt PI Data in Transit | PI Square
https://pisquare.osisoft.com/thread/5389

Data in Transit GmbH (@dataintransit) | Twitter
https://twitter.com/dataintransit

Disaster recovery External links:

National Disaster Recovery Framework (NDRF) Overview – …
https://training.fema.gov/is/courseoverview.aspx?code=IS-2900

SCDRO – South Carolina Disaster Recovery Office
https://www.scdr.sc.gov

Factor Analysis of Information Risk External links:

ITSecurity Office: FAIR (Factor Analysis of Information Risk)
http://itsecurityoffice.blogspot.com/2011/09/fair.html

FAIR means Factor Analysis of Information Risk – All Acronyms
https://www.allacronyms.com/FAIR/Factor_Analysis_of_Information_Risk

Fair information practice External links:

[PDF]1973: The Code of Fair Information Practices
http://simson.net/ref/2004/csg357/handouts/01_fips.pdf

[PDF]FIPPs Fair Information Practice Principles
https://ethics.berkeley.edu/sites/default/files/fippscourse.pdf

Forensic science External links:

Forensic Science Online Programs | University of Florida
https://forensicscience.ufl.edu

Forensic Science Technician – Career Information
https://www.thebalance.com/forensic-scientist-524869

All About Forensic Science Careers – The Balance
https://www.thebalance.com/discover-careers-in-forensic-science-974532

ISO/IEC 27001 External links:

ISO/IEC 27001
ISO/IEC 27001:2013 is an information security standard that was published on the 25th September 2013. It supersedes ISO/IEC 27001:2005, and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.

ISO/IEC 27002 External links:

ISO/IEC 27002 code of practice
http://iso27001security.com/html/27002.html

ISO/IEC 27002 – Key Benefits of MetricStream IT GRC Solution
https://www.metricstream.com/solutions/ISO-IEC-27002.htm

ISO/IEC 27002
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information technology – Security techniques – Code of practice for information security management.

ISO 17799 External links:

What is ISO 17799? – ISO 17799 Implementation Portal
http://17799.denialinfo.com/whatisiso17799.htm

ISO 17799 – YouTube
https://www.youtube.com/watch?v=4tPbVq-DjuU

ISO 17799 Section 7: Physical and Environmental Security
http://www.praxiom.com/iso-17799-7.htm

ISO 9001 External links:

Eagles Stainless | ISO 9001:2008 / ASME Coded
https://www.eaglestainless.com

Bevel Gear Co., LTD | ISO 9001 Precision Gear Manufacturer
https://www.bevelgeartw.com

ISO 9001: What is it? Who needs Certification and Why?
http://the9000store.com/what-are-iso-9000-standards/what-is-iso-9001

IT risk External links:

Home | IT Risk Management
https://itriskmanagement.uconn.edu

IT Risk Management and Compliance Solutions | Telos
https://www.telos.com/it-risk-management

How to Develop an IT Risk‐Management Policy: 12 Steps
https://www.wikihow.com/Develop-an-IT-Risk‐Management-Policy

Information Assurance Vulnerability Alert External links:

Information Assurance Vulnerability Alert – RMF for DoD IT
http://diarmfs.com/information-assurance-vulnerability-alert

Information security External links:

ALTA – Information Security
https://www.alta.org/business-tools/cybersecurity.cfm

[PDF]TITLE III INFORMATION SECURITY – Certifications
https://www.fismacenter.com/FISMA-final.pdf

Information Security
https://www.gsa.gov/reference/gsa-privacy-program/information-security

Management science External links:

Management Science – Official Site
https://pubsonline.informs.org/journal/mnsc

Management science (Book, 1990) [WorldCat.org]
http://www.worldcat.org/title/management-science/oclc/20392405

Management Science on JSTOR
http://www.jstor.org/journal/manascie

McCumber cube External links:

3 5 Academic Context the McCumber Cube – YouTube
https://www.youtube.com/watch?v=bwCae2V4kmY

McCumber Cube Flashcards | Quizlet
https://quizlet.com/20211727/mccumber-cube-flash-cards

Information Security Awareness: “The McCumber Cube” – …
https://www.youtube.com/watch?v=SNuIVXGOn7w

Mission assurance External links:

[PDF]Department of Defense Mission Assurance Strategy
http://policy.defense.gov/Portals/11/Documents/MA_Strategy_Final_7May12.pdf

Mission Assurance Jobs, Employment | Indeed.com
https://www.indeed.com/q-Mission-Assurance-jobs.html

Mission Assurance | The Aerospace Corporation
http://www.aerospace.org/research/mission-assurance

PCI DSS External links:

PCI Compliance Guide about PCI DSS | PCICompliance.com®
https://www.pcicompliance.com

PCI DSS FAQs – PCI FAQs – PCI Compliance Guide FAQ
https://www.pcicomplianceguide.org/faq

What is PCI DSS Compliance? | Clearent
https://www.clearent.com/insight/pci-dss-compliance

Regulatory compliance External links:

Certified Regulatory Compliance Manager (CRCM)
https://www.aba.com/Training/Certifications/Pages/CRCM.aspx

Regulatory Compliance Watch
https://www.regcompliancewatch.com

Regulatory Compliance Certification School | CUNA
https://www.cuna.org/rcs

Risk IT External links:

WOULD YOU RISK IT?! | Handless Millionaire – YouTube
https://www.youtube.com/watch?v=vpzF9hxZJPU

Risk Management Plan External links:

Risk Management Plan (RMP) Rule | US EPA
https://www.epa.gov/rmp

Free Risk Management Plan Templates | Smartsheet
https://www.smartsheet.com/free-risk-management-plan-templates

[PDF]Sample Risk Management Plan for a Community Health …
https://bphc.hrsa.gov/ftca/riskmanagement/riskmgmtplan.pdf

Risk assessment External links:

Regional Screening Levels (RSLs) | Risk Assessment | US EPA
https://www.epa.gov/risk/regional-screening-levels-rsls

Health Risk Assessment – United States Navy
https://nmcpeh-hpwebsvr.med.navy.mil/HRA/pages/CommandSelection.aspx

Breast Cancer Risk Assessment Tool
https://www.cancer.gov/bcrisktool

Risk management External links:

Education Risk Management | Edu Risk Solutions
https://www.edurisksolutions.org

Global Supply Chain Risk Management Solutions | Avetta
https://www.avetta.com

Risk Management Job Titles | Enlighten Jobs
http://www.enlightenjobs.com/risk-management-job-titles.php

Security engineering External links:

Master of Science in Cyber Security Engineering – UW Bothell
https://www.uwb.edu/cybersecurity

Master of Science Cyber Security Engineering – USC Online
https://online.usc.edu/programs/cyber-security

Systems engineering External links:

Industrial, Manufacturing, & Systems Engineering – UTA
https://www.uta.edu/ie

Systems Engineering and Operations Research
https://seor.gmu.edu

Systems Engineering Services
https://www.sesc.com
