Confidentiality, Integrity and Availablility
Memorize this CIA, Secuity triad:
Confidentiality: Encryption to avoid others accessing it
Integrity: Keeping the data from being altered
Availability: Keeping the system up and available
PKI - Only know the Root-CAs
Prove that data was not altered in any way
The site and the servers are always up and running
- Reciprocal (allow someone to use your datacenter for his desaster recovery)
Goverance, Legal and Ethics
MEM this: Canon 1 “Protect society, the commonwealth, and the infrastructure,”
- Protect society, the commonwealth, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
- Promote and preserve public trust and confidence in information and systems.
- Promote the understanding and acceptance of prudent information security measures.
- Preserve and strengthen the integrity of the public infrastructure.
- Discourage unsafe practices.
MEM this: Canon 2 “Act honorably, justly, responsibly and legally,”
- Tell the truth; make all stakeholders aware of your actions on a timely basis.
- Observe all contracts and agreements, express or implied.
- Treat all members fairly. In resolving conflicts, consider public safety and duties to principals, individuals, and the profession in that order.
- Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort. Take care to be truthful, objective, cautious, and within your competence.
- When resolving different laws in different jurisdictions, give preference to the laws of the jurisdiction in which you render your service.
MEM this: Canon 3 “Provide diligent and competent service to principals,"
- Preserve the value of their systems, applications and information.
- Respect their trust and the privileges that they grant you.
- Avoid conflicts of interest or the appearance thereof.
- Render only those services for which you are fully competent and qualified.
MEM this: Canon 4 “Advance and protect the profession,”
- Sponsor for professional advancement those best qualified. All other things equal, prefer those who are certified and who adhere to these canons. Avoid professional association with those whose practices or reputation might diminish the profession.
- Take care not to injure the reputation of other professionals through malice, or indifference.
- Maintain your competence; keep your skills and knowledge current. Give generously of your time and knowledge in training others.
Policy: management statements
Standdards: mandatory controls