whostolemyhandle
IS-IT--Management
If anyone has "All in One CISSP Certification exam guide, Shon Harris, Osborne ISBN 0-07-219353", can you explain the bizarre picture of a security model on p 70, Fig 3.5?
It is supposed to be a "layered" model where each layer supports the one above. Here it is, top-down.
{"assess business objectives"}
{"Vulnerability Assessment","Penetration testing"}
{"Quantitative and Qualitative Risk Assessment","Risk Analysis","Define risks and threats"}
{"Protection requirements","Data classification","Functionality Evaluation"}
{"Legal liabilities","Security Awareness","System reliability","Policy and procedures"}
{"Cost effective solutions","Safeguards","Counter measures"}
{"Data integrity","Confidentiality","Security Assurance"}
{"Total Security"}
Noting too, the dubious oxymoronic term "total security", I don't see how the particular arrangement was chosen.
I do see that "Total Security" is under "Data integrity", "Confidentiality" & "Security Assurance", and that these three are the oft-quoted "CIA triad".
But as an example, try explaining the placement of "legal liabilities".