(ISC)² CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Directive

A directive control is deployed to direct, confine, or control the actions of subjects to force or encourage compliance with security policies. Examples of directive controls include security policy requirements or criteria, posted notifications, escape route exit signs, monitoring, supervision, and procedures.

Security Control Assessment

A security control assessment (SCA) is the formal evaluation of a security infrastructure’s individual mechanisms against a baseline or reliability expectation. The SCA can be performed in addition to or independently of a full security evaluation, such as a penetration test or vulnerability assessment.

The goals of an SCA are to ensure the effectiveness of the security mechanisms, evaluate the quality and thoroughness of the risk management processes of the organization, and produce a report of the relative strengths and weaknesses of the deployed security infrastructure.

Generally, an SCA is a process implemented by federal agencies based on the NIST Special Publication 800-53A titled “Guide for Assessing the Security Controls in Federal Information Systems” (https://csrc.nist.gov/publications/detail/sp/800-53a/rev-4/final). However, while defined as a government process, the concept of evaluating the reliability and effectiveness of security controls should be adopted by every organization that is committed to sustaining a successful security endeavor.

Monitoring and Measurement

Security controls should provide benefits that can be monitored and measured. If a security control’s benefits cannot be quantified, evaluated, or compared, then it does not actually provide any security. A security control may provide native or internal monitoring, or external monitoring might be required. You should take this into consideration when making initial countermeasure selections.

Measuring the effectiveness of a countermeasure is not always an absolute value. Many countermeasures offer degrees of improvement rather than specific hard numbers as to the number of breaches prevented or attack attempts thwarted. Often, to obtain countermeasure success or failure measurements, monitoring and recording of events both prior to and after safeguard installation is necessary. Benefits can only be accurately measured if the starting point (that is, the normal point or initial risk level) is known.