Original title: Solving the security control problem on PaaS with the help of the Risk Management Framework (1)

Risk management provides a framework that helps you choose security controls to protect the information systems in the development lifecycle of a Platform as a Service (PaaS), rather than engineering systems, procurement systems, or personnel systems.

[Figure: Solving the security control problem on PaaS with the help of the Risk Management Framework]

Security controls are implemented after the risk has been identified, evaluated, and reduced to a lower level. The implementation criteria are cost-effectiveness, technical efficiency, and compliance, and these criteria must be written into the security plan.

The Risk Management Framework (RMF) of the National Institute of Standards and Technology (NIST) is divided into six steps for applying security controls to United States federal information systems. In a simple scenario, each step is described from the perspective of a team made up of the Senior Information System Security Officer (senior ISSO), the Security Control Assessor (SCA), and the Information System Owner (ISO, also called the system ISSO). The team also includes an authorizing official, usually a department or organization supervisor.

Step 1: Categorize the information system. The ISO categorizes the information systems in their department and records the results in the security plan, using the format provided by the senior ISSO. A security plan usually covers many assets, such as:
• processing, storage, and transmission of information;
• hardware and software interfaces;
• PaaS developer access rights;
• encryption technology;
• data sensitivity (classified or unclassified);
• incident response points of contact.
The senior ISSO ensures that the information system is registered with the appropriate office (e.g. the project management office).

Step 2: Select security controls. The senior ISSO and the ISO tailor the baseline security controls into system-specific controls or hybrid controls. The official ensures that the controls are cost-effective, technically efficient, and compliant. System-specific security controls include the following:
• access control policies and procedures;
• segregation of duties;
• penetration testing;
• personnel screening and training;
• vulnerability scanning;
• denial-of-service protection;
• configuration settings;
• incident response plan;
• contingency planning;
• emergency shutdown;
• protection of information at rest;
• information system inventory.