218 Information assurance Success Criteria

What is involved in Information assurance

Find out which related areas Information assurance connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This checklist is not designed to give answers per se, but to engage the reader and lay out an Information assurance thinking-frame.

How far is your company on its Information assurance journey?

Take this short survey to gauge your organization’s progress toward Information assurance leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.

To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.

Start the Checklist

Below you will find a quick checklist designed to help you think about which Information assurance related domains to cover, with 218 essential questions to check off across those domains.

The following domains are covered:

Information assurance, Anti-virus software, Business continuity, Business continuity planning, Computer emergency response team, Computer science, Corporate governance, Data at rest, Data in transit, Disaster recovery, Factor Analysis of Information Risk, Fair information practice, Forensic science, ISO/IEC 27001, ISO/IEC 27002, ISO 17799, ISO 9001, IT risk, Information Assurance Advisory Council, Information Assurance Collaboration Group, Information Assurance Vulnerability Alert, Information security, Management science, McCumber cube, Mission assurance, PCI DSS, Reference Model of Information Assurance and Security, Regulatory compliance, Risk IT, Risk Management Plan, Risk assessment, Risk management, Security controls, Security engineering, Systems engineering:

Information assurance Critical Criteria:

Demonstrate Information assurance visions and explore and align the progress in Information assurance.

– What role does communication play in the success or failure of an Information assurance project?

– Think of your Information assurance project. What are its main functions?

– Who will provide the final approval of Information assurance deliverables?

Anti-virus software Critical Criteria:

Confer over Anti-virus software issues and proactively manage Anti-virus software risks.

– What are your results for key measures or indicators of the accomplishment of your Information assurance strategy and action plans, including building and strengthening core competencies?

– For your Information assurance project, identify and describe the business environment. Is there more than one layer to the business environment?

– Does each mobile computer with direct connectivity to the internet have a personal firewall and anti-virus software installed?

– In what ways are we and our Information assurance vendors interacting to ensure safe and effective use?

– Is anti-virus software installed on all computers/servers that connect to your network?

– Is the anti-virus software package updated regularly?
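The three anti-virus questions above (installed everywhere, updated regularly, personal firewall on mobile hosts with direct internet access) can be answered continuously rather than by an annual questionnaire if you evaluate them against an endpoint inventory. The script below is an added example written for this checklist, not code from the page or from The Art of Service; the inventory records, the field names and the seven-day definition-age threshold are constructed assumptions, and a real feed would come from your EDR, MDM or asset database.

```python
from datetime import date

# Policy threshold: an assumed value for this example, not from the checklist.
MAX_DEFINITION_AGE_DAYS = 7

# Constructed endpoint inventory. Field names are assumptions for this example.
INVENTORY = [
    {"host": "ws-01", "mobile": False, "direct_internet": False,
     "av_installed": True, "av_definitions": "2024-03-04", "firewall": True},
    {"host": "lt-07", "mobile": True, "direct_internet": True,
     "av_installed": True, "av_definitions": "2024-02-10", "firewall": False},
    {"host": "srv-db", "mobile": False, "direct_internet": False,
     "av_installed": False, "av_definitions": None, "firewall": True},
    {"host": "lt-12", "mobile": True, "direct_internet": True,
     "av_installed": True, "av_definitions": "2024-03-05", "firewall": True},
]


def evaluate_host(rec, today_iso):
    """Return the list of checklist failures for one endpoint record.

    today_iso is an ISO date string so that runs are reproducible.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    if not rec["av_installed"]:
        findings.append("anti-virus not installed")
    elif rec["av_definitions"] is None:
        findings.append("anti-virus definition date unknown")
    else:
        age = (today - date.fromisoformat(rec["av_definitions"])).days
        if age > MAX_DEFINITION_AGE_DAYS:
            findings.append(f"anti-virus definitions {age} days old")
    # A mobile host that reaches the internet directly needs its own firewall.
    if rec["mobile"] and rec["direct_internet"] and not rec["firewall"]:
        findings.append("mobile host with direct internet and no personal firewall")
    return findings


def evaluate_inventory(inventory, today_iso):
    """Map host -> findings for every host that fails at least one check."""
    report = {}
    for rec in inventory:
        findings = evaluate_host(rec, today_iso)
        if findings:
            report[rec["host"]] = findings
    return report


def coverage(inventory, today_iso):
    """Fraction of hosts that pass every check, rounded to two decimals."""
    failing = evaluate_inventory(inventory, today_iso)
    return round(1 - len(failing) / len(inventory), 2)


if __name__ == "__main__":
    TODAY = "2024-03-06"  # fixed date so the output is reproducible
    for host, findings in evaluate_inventory(INVENTORY, TODAY).items():
        print(host, "->", "; ".join(findings))
    print("compliant fraction:", coverage(INVENTORY, TODAY))
```

Run against the constructed inventory on 2024-03-06, the report flags lt-07 (definitions 25 days old and no personal firewall on a mobile, directly connected host) and srv-db (no anti-virus), giving a compliant fraction of 0.5. Keeping the "definition date unknown" case separate from "too old" matters in practice: an agent that has stopped reporting is usually a bigger problem than one that is a few days stale.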

Business continuity Critical Criteria:

Tête-à-tête about Business continuity visions and spearhead techniques for implementing Business continuity.

– Who will be responsible for leading the various bcp teams (e.g., crisis/emergency, recovery, technology, communications, facilities, Human Resources, business units and processes, Customer Service)?

– We should have adequate and well-tested disaster recovery and business resumption plans for all major systems and have remote facilities to limit the effect of disruptive events. Do we comply?

– Has specific responsibility been assigned for the execution of business continuity and disaster recovery plans (either within or outside of the information security function)?

– Has the organization established an enterprise-wide business continuity/disaster recovery program that is consistent with requirements, policy, and applicable guidelines?

– Does our business continuity and/or disaster recovery plan (BCP/DRP) address the timely recovery of our IT functions in the event of a disaster?

– What programs/projects/departments/groups have some or all responsibility for business continuity/Risk Management/organizational resilience?

– Will Information assurance have an impact on current business continuity, disaster recovery processes and/or infrastructure?

– How will management prepare employees for a disaster, reduce the overall risks, and shorten the recovery window?

– What is the role of digital document management in business continuity planning management?

– Does increasing our company's footprint add to the challenge of business continuity?

– What are the record-keeping requirements of Information assurance activities?

– How does our business continuity plan differ from a disaster recovery plan?

– Is the crisis management team comprised of members from Human Resources?

– Has business continuity thinking and planning become too formulaic?

– Is there a business continuity/disaster recovery plan in place?

– Has business continuity been considered for this eventuality?

– Do you have any DR/business continuity plans in place?

Business continuity planning Critical Criteria:

Generalize Business continuity planning and maintain it for success.

– What new services or functionality will be implemented next with Information assurance?

– How will you know that the Information assurance project has been successful?

– What is business continuity planning and why is it important?

– How do we go about securing Information assurance?

Computer emergency response team Critical Criteria:

Match Computer emergency response team engagements and assess and formulate effective operational and Computer emergency response team strategies.

– Do you monitor security alerts and advisories from your system vendors, Computer Emergency Response Team (CERT) and other sources, taking appropriate and responsive actions?

– How do we go about comparing Information assurance approaches/solutions?

– How do we lead with Information assurance in mind?

Computer science Critical Criteria:

Unify Computer science adoptions and define what our big hairy audacious Computer science goal is.

– How do we ensure that implementations of Information assurance products are done in a way that ensures safety?

– What about the analysis of Information assurance results?

Corporate governance Critical Criteria:

Huddle over Corporate governance goals and improve Corporate governance service perception.

– Think about the functions involved in your Information assurance project. what processes flow from these functions?

– Why are Information assurance skills important?

– What is Effective Information assurance?

Data at rest Critical Criteria:

Survey Data at rest governance and define what our big hairy audacious Data at rest goal is.

– How can you negotiate Information assurance successfully with a stubborn boss, an irate client, or a deceitful coworker?

– Risk factors: what are the characteristics of Information assurance that make it risky?

– When an Information assurance manager recognizes a problem, what options are available?

Data in transit Critical Criteria:

Value Data in transit projects and find the ideas you already have.

– Meeting the challenge: are missed Information assurance opportunities costing us money?

– How can we improve Information assurance?

Disaster recovery Critical Criteria:

Air ideas re Disaster recovery decisions and find the essential reading for Disaster recovery researchers.

– Has your organization ever had to invoke its disaster recovery plan, including the CRM solution, and if so, was the recovery time objective met and how long did it take to return to your primary solution?

– Does our business continuity and/or disaster recovery plan (BCP/DRP) address the timely recovery of its IT functions in the event of a disaster?

– How do departmental (e.g. payroll, financials, student and medical) disaster recovery plans (DRP) correlate with the overall ERP?

– How frequently, if at all, do we conduct a business impact analysis (BIA) and risk assessment (RA)?

– Do we plan a Disaster recovery plan test and a full interruption disaster recovery plan test?

– What types of infrastructure are necessary to support post-disaster re-development?

– What, if any, policies are in place to address post-disaster redevelopment?

– Are our applications designed for high availability and disaster recovery?

– Are the actions taken on restart appropriate, and do they minimize downtime?

– What are the fault tolerance, failover, and disaster recovery plans?

– Can your business change easily to react to outside forces?

– Can you wait to reopen and still be viable when you do?

– Were you happy running the business before the disaster?

– Was it efficient and effective pre-disaster?

– What is disaster recovery testing?

– What actions stop the DRP?

– What was selling before the disaster?

Factor Analysis of Information Risk Critical Criteria:

Grade Factor Analysis of Information Risk tactics and change contexts.

– Does Information assurance systematically track and analyze outcomes for accountability and quality improvement?

– What are our needs in relation to Information assurance skills, labor, equipment, and markets?

– What are current Information assurance Paradigms?

Fair information practice Critical Criteria:

Meet over Fair information practice planning and innovate what needs to be done with Fair information practice.

– What are your key performance measures or indicators and in-process measures for the control and improvement of your Information assurance processes?

– Which Information assurance goals are the most important?

Forensic science Critical Criteria:

Win new insights about Forensic science tactics and sort Forensic science activities.

– How do mission and objectives affect the Information assurance processes of our organization?

– Is Information assurance Realistic, or are you setting yourself up for failure?

– Does the Information assurance task fit the client's priorities?

ISO/IEC 27001 Critical Criteria:

Accommodate ISO/IEC 27001 leadership and learn.

– What are the disruptive Information assurance technologies that enable our organization to radically change our business processes?

– Are we making progress, and are we making progress as Information assurance leaders?

– Have the types of risks that may impact Information assurance been identified and analyzed?

ISO/IEC 27002 Critical Criteria:

Own ISO/IEC 27002 quality and devote time assessing ISO/IEC 27002 and its risk.

– At what point will vulnerability assessments be performed once Information assurance is put into production (e.g., ongoing Risk Management after implementation)?

ISO 17799 Critical Criteria:

Consult on ISO 17799 leadership and balance specific methods for improving ISO 17799 results.

– What other jobs or tasks affect the performance of the steps in the Information assurance process?

– In a project to restructure Information assurance outcomes, which stakeholders would you involve?

– Why should we adopt an Information assurance framework?

ISO 9001 Critical Criteria:

Inquire about ISO 9001 management and attract ISO 9001 skills.

– Does a supplier having an ISO 9001 or AS9100 certification automatically satisfy this requirement?

– To what extent does management recognize Information assurance as a tool to increase the results?

– What is our formula for success in Information assurance?

IT risk Critical Criteria:

Distinguish IT risk decisions and ask what if.

– Marketing budgets are tighter, consumers are more skeptical, and social media has changed forever the way we talk about Information assurance. How do we gain traction?

– What is the financial loss that the organization will experience as a result of a security incident due to the residual risk?

– Do you standardize ITRM processes and clearly define roles and responsibilities to improve efficiency, quality and reporting?

– Structure/process risk: what is the degree of change the new project will introduce into user areas and business procedures?

– To what extent is your company's approach to ITRM aligned with the ERM strategies and frameworks?

– What best describes your establishment of a common process, risk and control library?

– What information handled by or about the system should not be disclosed and to whom?

– Have you defined IT risk performance metrics that are monitored and reported?

– Who performs your company's information and technology risk assessments?

– Does your IT risk program have GRC tools or other tools and technology?

– How important is the information to the user organization's mission?

– How much money should be invested in technical security measures?

– Do you actively monitor regulatory changes for the impact of ITRM?

– How much system downtime can the organization tolerate?

– Does the board have a conflict of interest policy?

– Does your company have a formal ITRM function?

– What triggers a risk assessment?

– How will we pay for it?

– Who are valid users?

Information Assurance Advisory Council Critical Criteria:

Reconstruct Information Assurance Advisory Council adoptions and display thorough understanding of the Information Assurance Advisory Council process.

– Do we aggressively reward and promote the people who have the biggest impact on creating excellent Information assurance services/products?

Information Assurance Collaboration Group Critical Criteria:

Deliberate Information Assurance Collaboration Group decisions and probe using an integrated framework to make sure Information Assurance Collaboration Group is getting what it needs.

– What are our best practices for minimizing Information assurance project risk, while demonstrating incremental value and quick wins throughout the Information assurance project lifecycle?

– Are there recognized Information assurance problems?

Information Assurance Vulnerability Alert Critical Criteria:

Distinguish Information Assurance Vulnerability Alert results and probe the present value of growth of Information Assurance Vulnerability Alert.

– How can you measure Information assurance in a systematic way?

– Who needs to know about Information assurance?

– How do we maintain Information assurance's integrity?

Information security Critical Criteria:

Deliberate Information security governance and find out.

– Does the information security function actively engage with other critical functions, such as IT, Human Resources, legal, and the privacy officer, to develop and enforce compliance with information security and privacy policies and practices?

– Has the organization established an Identity and Access Management program that is consistent with requirements, policy, and applicable guidelines and which identifies users and network devices?

– Is the software and application development process based on an industry best practice and is information security included throughout the software development life cycle (sdlc) process?

– Are information security events and weaknesses associated with information systems communicated in a manner to allow timely corrective action to be taken?

– Is management able to determine whether security activities delegated to people or implemented by information security are performing as expected?

– Do suitable information security policies exist for all critical assets of the value-added chain (degree of completeness)?

– Does your organization have a chief information security officer (CISO or equivalent title)?

– Is there a consistent and effective approach applied to the management of information security events?

– Is an organizational information security policy established?

– What is the main driver for information security expenditure?

– Do we conform to the identified information security requirements?

– What is the goal of information security?

Management science Critical Criteria:

Gauge Management science engagements and differentiate in coordinating Management science.

– Among the Information assurance product and service costs to be estimated, which is considered hardest to estimate?

McCumber cube Critical Criteria:

Derive from McCumber cube results and oversee McCumber cube management by competencies.

– What tools and technologies are needed for a custom Information assurance project?

– Who sets the Information assurance standards?

– How to deal with Information assurance Changes?

Mission assurance Critical Criteria:

Chart Mission assurance results and get going.

– Who will be responsible for making the decisions to include or exclude requested changes once Information assurance is underway?

PCI DSS Critical Criteria:

Focus on PCI DSS adoptions and work towards being a leading PCI DSS expert.

– What management system can we use to leverage the Information assurance experience, ideas, and concerns of the people closest to the work to be done?

– What may be the consequences for the performance of an organization if all stakeholders are not consulted regarding Information assurance?

– Who is the main stakeholder, with ultimate responsibility for driving Information assurance forward?

Reference Model of Information Assurance and Security Critical Criteria:

Accumulate Reference Model of Information Assurance and Security strategies and maintain Reference Model of Information Assurance and Security for success.

– How will you measure your Information assurance effectiveness?

Regulatory compliance Critical Criteria:

Guide Regulatory compliance tasks and plan concise Regulatory compliance education.

– Does Information assurance include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?

– In the case of public clouds, will the hosting service provider meet their regulatory compliance requirements?

– Regulatory compliance: Is the cloud vendor willing to undergo external audits and/or security certifications?

– How does the organization define, manage, and improve its Information assurance processes?

– What are the Key enablers to make this Information assurance move?

– What is Regulatory Compliance ?

Risk IT Critical Criteria:

Think about Risk IT management and oversee Risk IT management by competencies.

– Risk Probability and Impact: How will the probabilities and impacts of risk items be assessed?
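The Factor Analysis of Information Risk section above and the "Risk Probability and Impact" question here both come down to the same problem: putting defensible numbers on how often a loss happens and how much it costs. FAIR does this by decomposing annualized loss into Threat Event Frequency (TEF) multiplied by Vulnerability (the probability a threat event becomes a loss event), which gives Loss Event Frequency (LEF), and then applying Loss Magnitude per event. The script below is an added example written for this checklist, not code from the page, from The Art of Service or from the FAIR Institute; the scenario and its (min, most likely, max) ranges are constructed assumptions, the triangular distribution stands in for the calibrated PERT/BetaPERT distributions a FAIR tool would use, and the Poisson draw for the number of loss events per year is a modelling choice of this example.

```python
import math
import random
import statistics

# Constructed scenario: phishing-delivered credential theft against a finance team.
# Each factor is a (min, most likely, max) triple; all values are assumptions.
SCENARIO = {
    "tef": (2.0, 6.0, 15.0),                 # threat events per year
    "vuln": (0.05, 0.15, 0.40),              # P(threat event becomes a loss event)
    "loss": (5_000.0, 40_000.0, 250_000.0),  # loss magnitude per event, currency units
}


def _draw(rng, triple):
    """Triangular draw from a (min, mode, max) triple."""
    lo, mode, hi = triple
    return rng.triangular(lo, hi, mode)  # random.triangular(low, high, mode)


def _poisson(rng, lam):
    """Knuth's algorithm; adequate for the small yearly rates used here."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def point_estimate(scenario):
    """Single-point annualized loss using the most-likely value of each factor.

    This is the 'probability x impact' figure most questionnaires ask for;
    the simulation below shows how much it hides.
    """
    tef, vuln, loss = (scenario[k][1] for k in ("tef", "vuln", "loss"))
    return tef * vuln * loss


def simulate(scenario, iterations=20_000, seed=7):
    """Monte Carlo distribution of annual loss.

    Per simulated year: LEF = TEF x Vulnerability, number of loss events
    ~ Poisson(LEF), each event's magnitude drawn independently.
    """
    rng = random.Random(seed)
    annual = []
    for _ in range(iterations):
        lef = _draw(rng, scenario["tef"]) * _draw(rng, scenario["vuln"])
        events = _poisson(rng, lef)
        annual.append(sum(_draw(rng, scenario["loss"]) for _ in range(events)))
    annual.sort()
    q = statistics.quantiles(annual, n=10)  # nine cut points: q[0]=p10, q[4]=p50, q[8]=p90
    return {
        "mean": statistics.fmean(annual),
        "p10": q[0],
        "p50": q[4],
        "p90": q[8],
        "max": annual[-1],
    }


if __name__ == "__main__":
    print(f"point estimate ALE: {point_estimate(SCENARIO):,.0f}")
    for name, value in simulate(SCENARIO).items():
        print(f"{name:>5}: {value:,.0f}")
```

The point estimate for the constructed scenario is 36,000 a year. The simulation typically shows a median well below that (many years have no loss event at all) and a 90th percentile well above it; the tail is what a control investment decision or a cyber-insurance limit should be sized against, and it is invisible in a single probability-times-impact number. Replace the constructed triples with calibrated estimates from your own incident data and subject-matter experts before using the output for a real decision.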

Risk Management Plan Critical Criteria:

Systematize Risk Management Plan tactics and report on the economics of relationships managing Risk Management Plan and constraints.

– Have you fully developed a Risk Management plan for any outsourcing agreement from inception to termination – for whatever reason?

– Has identifying and assessing security and privacy risks been incorporated into the overall Risk Management planning?

– Do the Information assurance decisions we make today help people and the planet tomorrow?

– Has the risk management plan been significantly changed since last year's version?

– Have you identified your Information assurance key performance indicators?

– Has the Risk Management Plan been significantly changed since last year?

– What can we expect from project Risk Management plans?

Risk assessment Critical Criteria:

Investigate Risk assessment engagements and interpret which customers can’t participate in Risk assessment because they lack skills.

– Have the IT security costs for any investment/project been integrated into the overall cost, including C&A/re-accreditation, system security plan, risk assessment, privacy impact assessment, configuration/patch management, security control testing and evaluation, and contingency planning/testing?

– Are interdependent service providers (for example, fuel suppliers, telecommunications providers, meter data processors) included in risk assessments?

– Is the risk assessment approach defined and suited to the ISMS, identified business information security, legal and regulatory requirements?

– What core IT system are you using? Does it have an ERM or risk assessment module, and if so, have you used it?

– Are standards for risk assessment methodology established, so risk information can be compared across entities?

– Does the process include a BIA, risk assessments, Risk Management, and risk monitoring and testing?

– What operating practices represent major roadblocks to success or require careful risk assessment?

– Is the priority of the preventive action determined based on the results of the risk assessment?

– How often are information and technology risk assessments performed?

– Do you use any homegrown IT system for ERM or risk assessments?

– Are regular risk assessments executed across all entities?

– Who performs your company's IT risk assessments?

– Do you use any homegrown IT system for risk assessments?

– What are our Information assurance Processes?

Risk management Critical Criteria:

Reconstruct Risk management governance and define what our big hairy audacious Risk management goal is.

– Do you have a good understanding of emerging technologies and business trends that are vital for the management of IT risks in a fast-changing environment?

– VRM programs run the gamut from the collection of a few documents to advanced Risk Management software tools. What is appropriate for our organization?

– Does your Cybersecurity plan contain both cyber and physical security components, or does your physical security plan identify critical cyber assets?

– Has your organization conducted a cyber risk or vulnerability assessment of its information systems, control systems, and other networked systems?

– What competencies are important to the organizations risk management process, and what type of training does the organization provide?

– How do you balance a comprehensive view of security Risk Management that incorporates safety as well as privacy?

– Do you have a clearly defined organizational structure at organization level in order to sustain the risk management process?

– Will our actions, process, program or procedure prevent access to necessary records or result in changes to data in them?

– Risk treatment: do we know what steps must be taken to mitigate the risks identified?

– What is the sensitivity (or classification) level of the Risk assessed information?

– Has the company experienced an increase in the number of Cybersecurity breaches?

– What are the requirements for information availability and integrity?

– To whom does the ITRM function or oversight role report?

– Is there a common risk language (taxonomy) that is used?

– What risks should be avoided altogether?

– What is your budget for this initiative?

– Are executives sufficiently informed of risk?

– How do you design a secure network?

Security controls Critical Criteria:

Closely inspect Security controls planning and define what our big hairy audacious Security controls goal is.

– Are there multiple physical security controls (such as badges, escorts, or mantraps) in place that would prevent unauthorized individuals from gaining access to the facility?

– Does the cloud service agreement make its responsibilities clear and require specific security controls to be applied to the application?

– Are regular reviews of the effectiveness of the ISMS (including meeting of ISMS policy and objectives and review of security controls) undertaken?

– Do the security controls encompass not only the cloud services themselves, but also the management interfaces offered to customers?

– Can the cloud service provider demonstrate appropriate security controls applied to their physical infrastructure and facilities?

– Do we have policies and methodologies in place to ensure the appropriate security controls for each application?

– Is the measuring of the effectiveness of the selected security controls or group of controls defined?

– Does the cloud service provider have necessary security controls on their human resources?

– How do we measure improved Information assurance service perception, and satisfaction?

– Do we have sufficient processes in place to enforce security controls and standards?

– Have vendors documented and independently verified their Cybersecurity controls?

– What are the known security controls?

Security engineering Critical Criteria:

Understand Security engineering goals and devote time assessing Security engineering and its risk.

– Which customers can't participate in our Information assurance domain because they lack skills, wealth, or convenient access to existing solutions?

– What are your most important goals for the strategic Information assurance objectives?

– Have all basic functions of Information assurance been defined?

Systems engineering Critical Criteria:

Disseminate Systems engineering engagements and give examples utilizing a core of simple Systems engineering skills.

– If you had to recreate the system at a certain state in its life cycle or duplicate the deployed system in the test lab to check out a fault, would you have all of the configuration data and documentation version information you would need to do so?

– What constraints apply, either in the nature and scope of our design effort (time, cost, funding, and other resources) or in the nature (size, cost, weight, etc.) of our solution?

– At what scale of interest are we considering the way the system is formed and operates; e.g., are we interested in complexity at the level of atoms, of cells or of organs?

– What happens if new needs (or more likely new requirements) are identified after the final needs or requirements have been developed?

– What approach will permit us to deal with the kind of unpredictable emergent behaviors that dynamic complexity can introduce?

– How do we manage the complexity so that we can answer questions such as: when have we done enough?

– How are you going to know that the system is performing correctly once it is operational?

– Does management understand the principles and concepts of systems engineering?

– Do the requirements satisfy the intent and all key items of the need?

– Has the organization developed a plan for continuous improvement?

– What is the geographic and physical extent of the system?

– Who are the stakeholders involved with the system?

– Where would we like to be in the future?

– How do we compare with the competition?

– How well should the system perform?

– Is the schedule too aggressive?

– Do we deliver interim releases?

– Is the implementation right?

– What is a system?

Conclusion:

This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the Information assurance Self Assessment:

https://store.theartofservice.com/Information-assurance-Second-Edition/

Author: Gerard Blokdijk

CEO at The Art of Service | http://theartofservice.com

gerard.blokdijk@theartofservice.com

https://www.linkedin.com/in/gerardblokdijk

Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.

External links:

To address the criteria in this checklist, these selected resources are provided for sources of further research and information:

Information assurance External links:

Information Assurance Training Center
https://ia.signal.army.mil/DoDIAA

Information Assurance Training Center
https://ia.signal.army.mil

Job Title: INFORMATION ASSURANCE SPECIALIST
http://www.ausgar.com/job-57.aspx

Anti-virus software External links:

Understanding Anti-Virus Software – US-CERT
https://www.us-cert.gov/ncas/tips/ST04-005

Business continuity External links:

Business Continuity and Other Disclosures – Pershing LLC
https://www.pershing.com/disclosures

Login – Business Continuity Office
https://bcoweb.fnf.com

Business Continuity Planning – Northwestern University
http://www.northwestern.edu/bcp

Business continuity planning External links:

Business Continuity Planning Suite | Ready.gov
https://www.ready.gov/business-continuity-planning-suite

Business Continuity Planning – Northwestern University
http://www.northwestern.edu/bcp

Business Continuity Planning – Business – Be Ready Utah
https://www.utah.gov/beready/business/make-a-plan.html

Computer emergency response team External links:

Ghana Computer Emergency Response Team | Services
https://www.cert-gh.org/services

CERT-GH – Ghana Computer Emergency Response Team
https://www.cert-gh.org

Tz Cert – Tanzania Computer Emergency Response Team
https://www.tzcert.go.tz

Computer science External links:

Computer Science and Engineering
https://cse.osu.edu

TEALS – Computer Science in Every High School
https://www.tealsk12.org

Computer Science | Kent State University
https://www.kent.edu/cs

Corporate governance External links:

Corporate Governance | Old Dominion Freight Line
https://www.odfl.com/Content/corpGovernance.faces

Corporate Governance – About Us | Aetna
https://www.aetna.com/about-us/corporate-governance.html

Corporate Governance – Expedia, Inc.
http://www.expediainc.com/corporate-governance

Data at rest External links:

What is data at rest? – Definition from WhatIs.com
http://searchstorage.techtarget.com/definition/data-at-rest

Data in transit External links:

Physical Security for Data in Transit – TCDI
https://www.tcdi.com/physical-security-for-data-in-transit

Disaster recovery External links:

Cloud Migration and Disaster Recovery
https://www.cloudendure.com

Enterprise & Private Cloud – Disaster Recovery – Backup
https://www.offsitedatasync.com

SCDRO – South Carolina Disaster Recovery Office
https://www.scdr.sc.gov

Factor Analysis of Information Risk External links:

ITSecurity Office: FAIR (Factor Analysis of Information Risk)
http://itsecurityoffice.blogspot.com/2011/09/fair.html

Factor Analysis of Information Risk | Bigueur’s Blogosphere
https://miguelbigueur.com/tag/factor-analysis-of-information-risk

FAIR means Factor Analysis of Information Risk – All …
https://www.allacronyms.com/FAIR/Factor_Analysis_of_Information_Risk

Fair information practice External links:

[PDF]FIPPs Fair Information Practice Principles
https://ethics.berkeley.edu/sites/default/files/fippscourse.pdf

CSRC – Glossary – Fair Information Practice Principles
https://csrc.nist.gov/Glossary/?term=4303

The FTC’s Fair Information Practice Principles
http://www.lawpublish.com/ftc-fair-information-practice-principles.html

Forensic science External links:

State of Delaware – Delaware Division of Forensic Science
https://dshs.delaware.gov/forensics

despp: Forensic Science Laboratory
http://www.ct.gov/despp/cwp/view.asp?a=4154&q=487828

Programs | UF Forensic Science Online Programs
https://forensicscience.ufl.edu/programs

ISO/IEC 27001 External links:

ISO/IEC 27001 Information Security Management Standard
https://www.itgovernanceusa.com/iso27001

ISO/IEC 27001 certification standard
http://www.iso27001security.com/html/27001.html

BSI Training – ISO/IEC 27001 Lead Implementer
https://bsi.learncentral.com/shop/Course.aspx?id=23237

ISO/IEC 27002 External links:

ISO/IEC 27002 code of practice
http://iso27001security.com/html/27002.html

Iso/iec 27002 : 2013. (Book, 2013) [WorldCat.org]
http://www.worldcat.org/title/isoiec-27002-2013/oclc/922901083

ISO/IEC 27002
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information technology – Security techniques – Code of practice for information security management.

ISO 17799 External links:

What is ISO 17799? – ISO 17799 Implementation Portal
http://17799.denialinfo.com/whatisiso17799.htm

ISO 17799 Section 7: Physical and Environmental Security
http://www.praxiom.com/iso-17799-7.htm

ISO 9001 External links:

Bevel Gear Co., LTD | ISO 9001 Precision Gear Manufacturer
https://www.bevelgeartw.com

IT risk External links:

Contact Us | IT Risk Management Solutions | TraceSecurity
https://www.tracesecurity.com/contact

IT Risk Management and Compliance Solutions | Telos
https://www.telos.com/it-risk-management

IT Risk Management Reporting & Connectors | …
https://www.beyondtrust.com/solutions/reporting-connectors

Information Assurance Vulnerability Alert External links:

Information Assurance Vulnerability Alert – RMF for DoD IT
http://diarmfs.com/information-assurance-vulnerability-alert

Information security External links:

Title & Settlement Information Security
http://www.scasecurity.com/title-settlement-information-security

Managed Security Services | Information Security Solutions
https://www.intelisecure.com

[PDF]TITLE: INFORMATION SECURITY MANAGEMENT …
http://www.nyp.org/pdf/vendor-policy-I210.pdf

Management science External links:

Management science (Book, 1990) [WorldCat.org]
http://www.worldcat.org/title/management-science/oclc/20392405

Management Science and Information Systems
https://business.okstate.edu/msis

Management Science and Engineering
https://msande.stanford.edu

McCumber cube External links:

McCumber Cube: Key Aspects by Aaron Haglund on Prezi
https://prezi.com/qns_gr0hfbuv/mccumber-cube-key-aspects

Mccumber Cube – Term Paper
https://www.termpaperwarehouse.com/essay-on/Mccumber-Cube/326100

McCumber Cube Flashcards | Quizlet
https://quizlet.com/20211727/mccumber-cube-flash-cards

Mission assurance External links:

Mission Assurance Engineer Job Opening in Dulles, …
https://www.voltmilitary.com/job/mission-assurance-engineer/38209785

SMA Home | Code 300 Safety and Mission Assurance …
https://sma.gsfc.nasa.gov

[PDF]Department of Defense Mission Assurance Strategy
http://policy.defense.gov/Portals/11/Documents/MA_Strategy_Final_7May12.pdf

PCI DSS External links:

What’s New in PCI DSS 3.2 | PCI Compliance Guide
https://www.pcicomplianceguide.org/whats-new-in-pci-dss-3-2

PCI Compliance Guide about PCI DSS | PCICompliance…
https://www.pcicompliance.com

Reference Model of Information Assurance and Security External links:

A reference model of information assurance and security
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.650.2945

Regulatory compliance External links:

Regulatory Compliance Association Reviews – …
https://rcaonline.org

Chemical Regulatory Compliance – ChemADVISOR, Inc.
https://www.chemadvisor.com

ABA Regulatory Compliance Conference
https://www.aba.com/Training/Conferences/Pages/RCC_schedule.aspx

Risk IT External links:

Risk It | Definition of Risk It by Merriam-Webster
https://www.merriam-webster.com/dictionary/risk it

Risk Management Plan External links:

[PDF]Sample Risk Management Plan for a Community …
http://bphc.hrsa.gov/ftca/riskmanagement/riskmgmtplan.pdf

Risk Management Plan (RMP) Rule | US EPA
https://www.epa.gov/rmp

Risk Management Plan (RMP) Rule Overview | US EPA
https://www.epa.gov/rmp/risk-management-plan-rmp-rule-overview

Risk assessment External links:

[PDF]Deliberate Risk Assessment Worksheet – United …
http://www.parks.army.mil/training/docs/dd2977.pdf

Risk Assessment : OSH Answers
http://ccohs.ca/oshanswers/hsprograms/risk_assessment.html

Ground Risk Assessment Tool – United States Army …
https://grat.safety.army.mil

Risk management External links:

Global Supply Chain Risk Management Solutions | Avetta
https://www.avetta.com

Risk Management Jobs – Apply Now | CareerBuilder
https://www.careerbuilder.com/jobs-risk-management

Risk Management – ue.org
https://www.ue.org/risk-management

Security controls External links:

Picture This: A visual guide to security controls – CertMag
http://certmag.com/picture-this-visual-guide-security-controls

Security engineering External links:

Master of Science in Cyber Security Engineering – UW …
https://www.uwb.edu/cybersecurity

Security engineering – ScienceDaily
https://www.sciencedaily.com/terms/security_engineering.htm

National Security Engineering Center | The MITRE …
https://www.mitre.org/centers/national-security-and-engineering-center

Systems engineering External links:

DoD Systems Engineering – Guidance & Tools
http://www.acq.osd.mil/se/pg/guidance.html

Industrial, Manufacturing and Systems Engineering
https://www.utep.edu/engineering/imse/index.html

Systems Engineering and Operations Research
https://seor.gmu.edu

Top 223 Information assurance Goals and Objectives Questions

Below you will find a quick checklist designed to help you think about which Information assurance related domains to cover and 223 essential critical questions to check off in that domain.

The following domains are covered:

Information assurance, Anti-virus software, Business continuity, Business continuity planning, Computer emergency response team, Computer science, Corporate governance, Data at rest, Data in transit, Disaster recovery, Factor Analysis of Information Risk, Fair information practice, Forensic science, ISO/IEC 27001, ISO/IEC 27002, ISO 17799, ISO 9001, IT risk, Information Assurance Advisory Council, Information Assurance Collaboration Group, Information Assurance Vulnerability Alert, Information security, Management science, McCumber cube, Mission assurance, PCI DSS, Reference Model of Information Assurance and Security, Regulatory compliance, Risk IT, Risk Management Plan, Risk assessment, Risk management, Security controls, Security engineering, Systems engineering:

Information assurance Critical Criteria:

Merge Information assurance leadership and ask questions.

– What is the purpose of Information assurance in relation to the mission?

– What are the long-term Information assurance goals?

Anti-virus software Critical Criteria:

Accelerate Anti-virus software quality and change contexts.

– Does each mobile computer with direct connectivity to the internet have a personal firewall and anti-virus software installed?

– Is anti-virus software installed on all computers/servers that connect to your network?

– Have you identified your Information assurance key performance indicators?

– Is the anti-virus software package updated regularly?

– Are there Information assurance problems defined?

Business continuity Critical Criteria:

Bootstrap Business continuity governance and do something to it.

– Who will be responsible for leading the various bcp teams (e.g., crisis/emergency, recovery, technology, communications, facilities, Human Resources, business units and processes, Customer Service)?

– Has specific responsibility been assigned for the execution of business continuity and disaster recovery plans (either within or outside of the information security function)?

– Has the organization established an enterprise-wide business continuity/disaster recovery program that is consistent with requirements, policy, and applicable guidelines?

– What management system can we use to leverage the Information assurance experience, ideas, and concerns of the people closest to the work to be done?

– Does our business continuity and/or disaster recovery plan (BCP/DRP) address the timely recovery of its IT functions in the event of a disaster?

– Do the response plans address damage assessment, site restoration, payroll, Human Resources, information technology, and administrative support?

– Does our business continuity and/or disaster recovery plan (BCP/DRP) address the timely recovery of our IT functions in the event of a disaster?

– What programs/projects/departments/groups have some or all responsibility for business continuity/Risk Management/organizational resilience?

– Will Information assurance have an impact on current business continuity, disaster recovery processes and/or infrastructure?

– Which data center management activity involves eliminating single points of failure to ensure business continuity?

– What is the role of digital document management in business continuity planning management?

– Does increasing our company's footprint add to the challenge of business continuity?

– Has business continuity thinking and planning become too formulaic?

– Is there a business continuity/disaster recovery plan in place?

– What is business continuity planning and why is it important?

– Do you have any DR/business continuity plans in place?

– Do you have a tested IT disaster recovery plan?

– Is Information assurance Required?

Business continuity planning Critical Criteria:

Consider Business continuity planning planning and change contexts.

– Is the Information assurance organization completing tasks effectively and efficiently?

– Do you monitor the effectiveness of your Information assurance activities?

Computer emergency response team Critical Criteria:

Define Computer emergency response team issues and triple focus on important concepts of Computer emergency response team relationship management.

– Do you monitor security alerts and advisories from your system vendors, Computer Emergency Response Team (CERT) and other sources, taking appropriate and responsive actions?

– For your Information assurance project, identify and describe the business environment. Is there more than one layer to the business environment?

– Who are the people involved in developing and implementing Information assurance?

– What vendors make products that address the Information assurance needs?

Computer science Critical Criteria:

Focus on Computer science projects and plan concise Computer science education.

– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of an Information assurance process. Ask yourself: are the records needed as inputs to the Information assurance process available?

– Is Information assurance Realistic, or are you setting yourself up for failure?

– How do we maintain Information assurance's integrity?

Corporate governance Critical Criteria:

Nurse Corporate governance goals and find out what it really means.

– What are the disruptive Information assurance technologies that enable our organization to radically change our business processes?

– What prevents me from making the changes I know will make me a more effective Information assurance leader?

– In a project to restructure Information assurance outcomes, which stakeholders would you involve?

Data at rest Critical Criteria:

Design Data at rest issues and prioritize challenges of Data at rest.

– How do we measure improved Information assurance service perception, and satisfaction?

– Do we have past Information assurance Successes?

– How to Secure Information assurance?

Data in transit Critical Criteria:

Air ideas re Data in transit risks and devote time assessing Data in transit and its risk.

– Who will be responsible for documenting the Information assurance requirements in detail?

– What business benefits will Information assurance goals deliver if achieved?

– Is the scope of Information assurance defined?

Disaster recovery Critical Criteria:

Guide Disaster recovery leadership and probe the present value of growth of Disaster recovery.

– Has your organization ever had to invoke its disaster recovery plan which included the CRM solution and if so was the recovery time objective met and how long did it take to return to your primary solution?

– How do you intend to fund the reopening: from existing business sources, your own resources, other investors, banks, lenders, or a mix?

– What is your insurance agent telling you about your policy, and what will and won't be covered?

– Can existing lines of credit be accessed (and increased if necessary) to fund the reopening of the business?

– Do we know what we have specified in continuity of operations plans and disaster recovery plans?

– Can we self-insure for disaster recovery, or do we use a recommended vendor-certified hot site?

– How will businesses be impacted by a disaster (e.g., earthquake, tsunami, flood)?

– How often do you fully test your disaster recovery capabilities?

– Will key customers and/or suppliers be affected by the disaster?

– What is the current financial position of your business?

– Make decisions about staff in the immediate future: layoffs?

– Who needs to know about Information assurance?

– What types of businesses will be impacted?

– What are ideal use cases for the cloud?

– If I didn't reopen, what would I do?

– What are your chances for success?

– What is post-disaster recovery?

– Can team members work off site?

– Do you have access to your computers?

– What was selling?

Factor Analysis of Information Risk Critical Criteria:

Co-operate on Factor Analysis of Information Risk planning and spearhead techniques for implementing Factor Analysis of Information Risk.

– How would one define Information assurance leadership?

Fair information practice Critical Criteria:

Rank Fair information practice quality and perfect Fair information practice conflict management.

– What are the barriers to increased Information assurance production?

– How do we go about comparing Information assurance approaches/solutions?

– What are the usability implications of Information assurance actions?

Forensic science Critical Criteria:

Mine Forensic science tactics and get going.

– Why is Information assurance important for you now?

ISO/IEC 27001 Critical Criteria:

Map ISO/IEC 27001 adoptions and describe which business rules are needed as ISO/IEC 27001 interface.

– What is the total cost related to deploying Information assurance, including any consulting or professional services?

– To what extent does management recognize Information assurance as a tool to increase the results?

– Can Management personnel recognize the monetary benefit of Information assurance?

ISO/IEC 27002 Critical Criteria:

Cut a stake in ISO/IEC 27002 visions and probe using an integrated framework to make sure ISO/IEC 27002 is getting what it needs.

– Is maximizing Information assurance protection the same as minimizing Information assurance loss?

– How important is Information assurance to the user organization's mission?

ISO 17799 Critical Criteria:

Accumulate ISO 17799 decisions and innovate what needs to be done with ISO 17799.

– Does our organization need more Information assurance education?

ISO 9001 Critical Criteria:

Scan ISO 9001 failures and question.

– In the case of an Information assurance project, the criteria for the audit derive from implementation objectives. An audit of an Information assurance project involves assessing whether the recommendations outlined for implementation have been met. In other words, can we track that any Information assurance project is implemented as planned, and is it working?

– What are our best practices for minimizing Information assurance project risk, while demonstrating incremental value and quick wins throughout the Information assurance project lifecycle?

– Does a supplier having an ISO 9001 or AS9100 certification automatically satisfy this requirement?

– Does Information assurance analysis isolate the fundamental causes of problems?

IT risk Critical Criteria:

Frame IT risk failures and revise understanding of IT risk architectures.

– Do you have a good understanding of emerging technologies and business trends that are vital for the management of IT risks in a fast-changing environment?

– Roles and Responsibilities: Who are the individuals responsible for implementing specific tasks and providing deliverables related to risk management?

– Do you have enough focus on ITRM documentation to help formalize processes to increase communications and integration with ORM?

– Is there a need to use a formal planning processes including planning meetings in order to assess and manage the risk?

– Risk Documentation: What reporting formats and processes will be used for risk management activities?

– What is the effect on the organization's mission if the system or information is not reliable?

– What is the estimated change in financial investment for ITRM activities in the next 12 months?

– How does your company report on its information and technology risk assessment?

– Does the IT Risk Management framework align to a three lines of defense model?

– How can organizations advance from good IT Risk Management practice to great?

– Which risks are managed or monitored in the scope of the ITRM function?

– To what extent are you involved in IT Risk Management at your company?

– Does the board explore options before arriving at a decision?

– Where specifically is the information processed and stored?

– To what extent are you involved in ITRM at your company?

– Does the board have a manual and operating procedures?

– Does your company have a formal ITRM function?

– What will we do if something does go wrong?

Information Assurance Advisory Council Critical Criteria:

Have a session on Information Assurance Advisory Council projects and simulate teachings and consultations on quality process improvement of Information Assurance Advisory Council.

– Are there any easy-to-implement alternatives to Information assurance? Sometimes other solutions are available that do not carry the cost implications of a full-blown project.

– What are the record-keeping requirements of Information assurance activities?

Information Assurance Collaboration Group Critical Criteria:

Trace Information Assurance Collaboration Group strategies and attract Information Assurance Collaboration Group skills.

– Who will be responsible for deciding whether Information assurance goes ahead or not after the initial investigations?

– Does Information assurance systematically track and analyze outcomes for accountability and quality improvement?

– What are the business goals Information assurance is aiming to achieve?

Information Assurance Vulnerability Alert Critical Criteria:

Adapt Information Assurance Vulnerability Alert adoptions and finalize the present value of growth of Information Assurance Vulnerability Alert.

– Among the Information assurance product and service cost to be estimated, which is considered hardest to estimate?

– What threat is Information assurance addressing?

– Are we Assessing Information assurance and Risk?

Information security Critical Criteria:

Demonstrate Information security tasks and track iterative Information security results.

– Is the software and application development process based on an industry best practice, and is information security included throughout the software development life cycle (SDLC) process?

– Do we maintain our own threat catalogue on the corporate intranet to remind employees of the wide range of issues of concern to Information Security and the business?

– Is there an information security policy to provide management direction and support for information security in accordance with business requirements, relevant laws and regulations?

– Do suitable policies for information security exist for all critical assets of the value-added chain (indication of completeness of policies, Ico)?

– Is the risk assessment approach defined and suited to the ISMS, identified business information security, legal and regulatory requirements?

– Is the documented Information Security Management System (ISMS) established, implemented, operated, monitored, reviewed, maintained and improved?

– Are information security roles and responsibilities coordinated and aligned with internal roles and external partners?

– Have the roles and responsibilities for information security been clearly defined within the company?

– Does your organization have a chief information security officer (CISO or equivalent title)?

– Are damage assessment and disaster recovery plans in place?

– Is information security an IT function within the company?

– Does your company have an information security officer?

– What is the goal of information security?

– What is information security?

Management science Critical Criteria:

Be clear about Management science goals and proactively manage Management science risks.

– How does the organization define, manage, and improve its Information assurance processes?

– What are the Essentials of Internal Information assurance Management?

– Have all basic functions of Information assurance been defined?

McCumber cube Critical Criteria:

Look at McCumber cube strategies and revise understanding of McCumber cube architectures.

– How do mission and objectives affect the Information assurance processes of our organization?

Mission assurance Critical Criteria:

Win new insights about Mission assurance goals and integrate design thinking in Mission assurance innovation.

– Who will provide the final approval of Information assurance deliverables?

PCI DSS Critical Criteria:

Study PCI DSS results and gather practices for scaling PCI DSS.

– Do those selected for the Information assurance team have a good general understanding of what Information assurance is all about?

– What knowledge, skills and characteristics mark a good Information assurance project manager?

Reference Model of Information Assurance and Security Critical Criteria:

Understand Reference Model of Information Assurance and Security quality and grade techniques for implementing Reference Model of Information Assurance and Security controls.

– What are all of our Information assurance domains and what do they do?

– How do we go about securing Information assurance?

Regulatory compliance Critical Criteria:

Own Regulatory compliance strategies and summarize a clear Regulatory compliance focus.

– Does Information assurance include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?

– In the case of public clouds, will the hosting service provider meet their regulatory compliance requirements?

– Regulatory compliance: Is the cloud vendor willing to undergo external audits and/or security certifications?

– Risk factors: what are the characteristics of Information assurance that make it risky?

– What about Information assurance Analysis of results?

– What are our Information assurance Processes?

– What is Regulatory Compliance?

Risk IT Critical Criteria:

Troubleshoot Risk IT planning and get the big picture.

– A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which Information assurance models, tools and techniques are necessary?

– Risk Probability and Impact: How will the probabilities and impacts of risk items be assessed?

– Which individuals, teams or departments will be involved in Information assurance?

Risk Management Plan Critical Criteria:

Contribute to Risk Management Plan planning and use obstacles to break out of ruts.

– Marketing budgets are tighter, consumers are more skeptical, and social media has changed forever the way we talk about Information assurance. How do we gain traction?

– Have you fully developed a Risk Management plan for any outsourcing agreement from inception to termination – for whatever reason?

– Has identifying and assessing security and privacy risks been incorporated into the overall Risk Management planning?

– Has the risk management plan been significantly changed since last year's version?

– Has the Risk Management Plan been significantly changed since last year?

– What can we expect from project Risk Management plans?

Risk assessment Critical Criteria:

Differentiate Risk assessment visions and inform on and uncover unspoken needs and breakthrough Risk assessment results.

– Has the IT security cost for any investment/project been integrated into the overall cost (including C&A/re-accreditation, system security plan, risk assessment, privacy impact assessment, configuration/patch management, security control testing and evaluation, and contingency planning/testing)?

– Do we have a cyber Risk Management tool for all levels of the organization that assesses risk and shows how Cybersecurity factors into risk assessments?

– Are interdependent service providers (for example, fuel suppliers, telecommunications providers, meter data processors) included in risk assessments?

– With risk assessments, do we measure whether there is an impact on technical performance, and to what level?

– How frequently, if at all, do we conduct a business impact analysis (BIA) and risk assessment (RA)?

– What operating practices represent major roadblocks to success or require careful risk assessment?

– What other jobs or tasks affect the performance of the steps in the Information assurance process?

– Who performs your company's information and technology risk assessments?

– How often are information and technology risk assessments performed?

– Are accountability and ownership for Information assurance clearly defined?

– Do you use any homegrown IT system for ERM or risk assessments?

– How are risk assessment and audit results communicated to executives?

– What drives the timing of your risk assessments?

– Are regular risk assessments executed across all entities?

– Who performs your company's IT risk assessments?

– Are risk assessments at planned intervals reviewed?

Risk management Critical Criteria:

Think carefully about Risk management engagements and ask questions.

– At what point will vulnerability assessments be performed once Information assurance is put into production (e.g., ongoing Risk Management after implementation)?

– Has Cybersecurity been identified in the physical security plans for the assets, reflecting planning for a blended cyber/physical attack?

– What is the financial loss that the organization will experience as a result of every possible security incident?

– How can senior executive teams strengthen Risk Management in a way that is both strategic and value-adding?

– Is our organization doing any form of outreach or education on Cybersecurity Risk Management?

– Are we currently required to report any cyber incidents to any federal or state agencies?

– People risk: are people with appropriate skills available to help complete the project?

– If information is destroyed due to a virus or catastrophe, how could it be restored?

– Do you have an enterprise-wide risk management program that includes Cybersecurity?

– Does your company have a formal IT risk framework and assessment process in place?

– Do our project management standards support or undermine Risk Management?

– Are new risks introduced as a result of the identified risks being controlled?

– What is our approach to Risk Management in the specific area of social media?

– Where specifically is the Risk assessed information processed and stored?

– Can highly-effective IT Risk Management programs ever eliminate IT Risk?

– Is the Cybersecurity policy reviewed or audited?

– Which rules appear frequently? Which are anomalies?

– What is our Ultimate Disaster Scenario?

– Who needs risk planning?

– How do we categorize risk?

Security controls Critical Criteria:

Differentiate Security controls decisions and suggest using storytelling to create more compelling Security controls projects.

– Are there multiple physical security controls (such as badges, escorts, or mantraps) in place that would prevent unauthorized individuals from gaining access to the facility?

– Does the cloud service agreement make its responsibilities clear and require specific security controls to be applied to the application?

– Are regular reviews of the effectiveness of the ISMS (including meeting of ISMS policy and objectives and review of security controls) undertaken?

– Do the security controls encompass not only the cloud services themselves, but also the management interfaces offered to customers?

– Can the cloud service provider demonstrate appropriate security controls applied to their physical infrastructure and facilities?

– Do we have policies and methodologies in place to ensure the appropriate security controls for each application?

– Is the measuring of the effectiveness of the selected security controls or group of controls defined?

– Why is it important to have senior management support for an Information assurance project?

– Does the cloud service provider have necessary security controls on their human resources?

– Do we have sufficient processes in place to enforce security controls and standards?

– Have vendors documented and independently verified their Cybersecurity controls?

– What are the known security controls?

Security engineering Critical Criteria:

Contribute to Security engineering risks and learn.

– Is there any existing Information assurance governance structure?

– How do we Lead with Information assurance in Mind?

Systems engineering Critical Criteria:

Consolidate Systems engineering goals and oversee implementation of Systems engineering.

– The complexity of our design task is significantly affected by the nature of the objectives for the systems to be designed. Is the task intricate, or difficult?

– Is the project using any technologies that have not been widely deployed or that the project team is unfamiliar with?

– Do we have confidence in the reliability and robustness of the systems we design?

– What is the detailed set of functions and properties of a given interface?

– What are the elements and the high-level capabilities of the system?

– Is systems engineering the solution to all of our systems problems?

– What kind of support for requirements management will be needed?

– Why has systems engineering emerged as a distinct discipline?

– Does the requirement have a verification method assigned?

– Who will use the systems engineering plan (SEP)?

– What policies are currently being implemented?

– Where would we like to be in the future?

– How much architecting is enough?

– Is the schedule too aggressive?

– How confident are we?

– What option is best?

– Is this the right business case?

– What is a system?

Conclusion:

This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the Information assurance Self Assessment:

https://store.theartofservice.com/Information-assurance-Second-Edition/

Author: Gerard Blokdijk

CEO at The Art of Service | http://theartofservice.com

gerard.blokdijk@theartofservice.com

https://www.linkedin.com/in/gerardblokdijk

Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.

External links:

To address the criteria in this checklist, these selected resources are provided for sources of further research and information:

Information assurance External links:

Job Title: INFORMATION ASSURANCE SPECIALIST
http://www.ausgar.com/job-57.aspx

Title Information Assurance Jobs, Employment | Indeed.com
https://www.indeed.com/q-Title-Information-Assurance-jobs.html

[PDF]Information Assurance Specialist – GC Associates USA
http://www.gcassociates-usa.com/images/Information_Assurance_Specialist.pdf

Anti-virus software External links:

UK agencies warned off Russian anti-virus software – CNN
http://www.cnn.com/2017/12/02/europe/uk-russia-anti-virus-software-intl

Business continuity External links:

[PDF]Job Description Job Title: Business Continuity …
https://www.slc.co.uk/media/9344/business-continuity-manager-jd.pdf

Computer emergency response team External links:

Ghana Computer Emergency Response Team | Services
https://www.cert-gh.org/services

Tz Cert – Tanzania Computer Emergency Response Team
https://www.tzcert.go.tz

Computer science External links:

College of Engineering and Computer Science | Wright …
https://engineering-computer-science.wright.edu

Wendt Commons Library | Engineering and Computer Science
https://www.library.wisc.edu/wendt

Computer Science and Engineering
https://cse.osu.edu

Corporate governance External links:

Corporate Governance – About Us | Aetna
https://www.aetna.com/about-us/corporate-governance.html

Morgan Stanley Corporate Governance
https://www.morganstanley.com/about-us-governance

Cleary Gottlieb M&A and Corporate Governance Watch
https://www.clearymawatch.com

Data at rest External links:

What is data at rest? – Definition from WhatIs.com
http://searchstorage.techtarget.com/definition/data-at-rest

Data in transit External links:

Physical Security for Data in Transit – TCDI
https://www.tcdi.com/physical-security-for-data-in-transit

Disaster recovery External links:

United Way Disaster Recovery Funds | United Way Worldwide
https://www.unitedway.org/recovery

Disaster Recovery Assistance | United States Department …
https://www.dol.gov/general/disasterrecovery

Enterprise & Private Cloud – Disaster Recovery – Backup
https://www.offsitedatasync.com

Factor Analysis of Information Risk External links:

FAIR means Factor Analysis of Information Risk – All …
https://www.allacronyms.com/FAIR/Factor_Analysis_of_Information_Risk

ITSecurity Office: FAIR (Factor Analysis of Information Risk)
http://itsecurityoffice.blogspot.com/2011/09/fair.html

Fair information practice External links:

[PDF]FIPPs Fair Information Practice Principles
https://ethics.berkeley.edu/sites/default/files/fippscourse.pdf

Fair Information Practices are a set of principles and practices that describe how an information-based society may approach information handling, storage, management, and flows with a view toward maintaining fairness, privacy, and security in a rapidly evolving global technology environment.
Reference: www.worldprivacyforum.org/2008/01/report-a-brief-introducti…

Forensic science External links:

[PDF]HERTZBERG – DAVIS FORENSIC SCIENCE CENTER
https://www.lasd.org/pdfjs/publications/144942_Hertzberg-Davis.pdf

What is Forensic Science (Staffordshire University)
http://www.staffs.ac.uk/schools/sciences/forensic/whatisforsci/whatisforensicsci/

ISO/IEC 27001 External links:

ISO/IEC 27001 certification standard
http://www.iso27001security.com/html/27001.html

ISO/IEC 27001:2013
ISO/IEC 27001:2013 is an information security standard that was published on the 25th September 2013. It supersedes ISO/IEC 27001:2005, and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.

ISO/IEC 27001 Information Security | BSI America
https://www.bsigroup.com/en-US/ISO-IEC-27001-Information-Security

ISO/IEC 27002 External links:

ISO/IEC 27002
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information technology – Security techniques – Code of practice for information security management.

Iso/iec 27002 : 2013. (Book, 2013) [WorldCat.org]
http://www.worldcat.org/title/isoiec-27002-2013/oclc/922901083

ISO 17799 External links:

ISO 17799 Information Security Standard – praxiom.com
http://praxiom.com/iso-17799-2000.htm

ISO 17799 – What is iso17799 (the ISO Security Standard)?
http://computersecuritynow.com/presentation

HIPAA, Sarbanes-Oxley, ISO 17799 – Gap Analysis – netlogx
https://netlogx.com/services/information-security-management/hipaa

ISO 9001 External links:

ISO 9001 : 2015 Certification – Chicago
https://www.iso-certification.us

What Is ISO 9001? | eHow
http://www.ehow.com/facts_5032354_iso.html

Bevel Gear Co., LTD | ISO 9001 Precision Gear Manufacturer
https://www.bevelgeartw.com

IT risk External links:

Magic Quadrant for IT Risk Management Solutions – Gartner
https://www.gartner.com/doc/3752465/magic-quadrant-it-risk-management

How to Develop an IT Risk‐Management Policy: 12 Steps
https://www.wikihow.com/Develop-an-IT-Risk‐Management-Policy

Information Assurance Advisory Council External links:

Information Assurance Advisory Council – WOW.com
http://www.wow.com/wiki/Information_Assurance_Advisory_Council

Information Assurance Vulnerability Alert External links:

Information Assurance Vulnerability Alert – RMF for DoD IT
http://diarmfs.com/information-assurance-vulnerability-alert

Information security External links:

Information Security
https://www.gsa.gov/reference/gsa-privacy-program/information-security

Title & Settlement Information Security
http://www.scasecurity.com/title-settlement-information-security

[PDF]Tax Information Security Guidelines For Federal, …
https://www.irs.gov/pub/irs-pdf/p1075.pdf

Management science External links:

Management science (Book, 1990) [WorldCat.org]
http://www.worldcat.org/title/management-science/oclc/20392405

Management Science on JSTOR
http://www.jstor.org/journal/manascie

Management Science – Official Site
https://pubsonline.informs.org/journal/mnsc

McCumber cube External links:

Information Security Awareness: “The McCumber Cube” – YouTube
https://www.youtube.com/watch?v=SNuIVXGOn7w

Mccumber Cube – Term Paper
https://www.termpaperwarehouse.com/essay-on/Mccumber-Cube/326100

McCumber Cube: Key Aspects by Aaron Haglund on Prezi
https://prezi.com/qns_gr0hfbuv/mccumber-cube-key-aspects

Mission assurance External links:

[PDF]Department of Defense Mission Assurance Strategy
http://policy.defense.gov/Portals/11/Documents/MA_Strategy_Final_7May12.pdf

Mission Assurance Jobs, Employment | Indeed.com
https://www.indeed.com/q-Mission-Assurance-jobs.html

Office of Mission Assurance – GSA
https://www.gsa.gov/about-us/organization/office-of-mission-assurance

PCI DSS External links:

PCI Compliance Guide about PCI DSS | PCICompliance…
https://www.pcicompliance.com

Reference Model of Information Assurance and Security External links:

A reference model of information assurance and security
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.650.2945

Regulatory compliance External links:

Regulatory Compliance Consulting for Money Managers
https://www.hardincompliance.com

What is regulatory compliance? – Definition from WhatIs.com
http://searchcompliance.techtarget.com/definition/regulatory-compliance

Chemical Regulatory Compliance – ChemADVISOR, Inc.
https://www.chemadvisor.com

Risk Management Plan External links:

School Risk Management Plan – North Carolina
https://sera.nc.gov/srmp

[PDF]Sample Risk Management Plan for a Community …
http://bphc.hrsa.gov/ftca/riskmanagement/riskmgmtplan.pdf

Risk Management Plan (RMP) Rule | US EPA
https://www.epa.gov/rmp

Risk assessment External links:

[PDF]Deliberate Risk Assessment Worksheet – United …
http://www.parks.army.mil/training/docs/dd2977.pdf

[DOC]SUICIDE RISK ASSESSMENT GUIDE
http://www.mentalhealth.va.gov/docs/Suicide_Risk_Assessment_Guide.doc

Breast Cancer Risk Assessment Tool
https://www.cancer.gov/bcrisktool

Risk management External links:

Driver Risk Management Solutions | AlertDriving
https://www.alertdriving.com

Celgene Risk Management
https://www.celgeneriskmanagement.com

Security controls External links:

Picture This: A visual guide to security controls – CertMag
http://certmag.com/picture-this-visual-guide-security-controls

Security engineering External links:

Blockchain Protocol Analysis and Security Engineering …
https://cyber.stanford.edu/bpase18

Master of Science Cyber Security Engineering – USC Online
https://online.usc.edu/programs/cyber-security

Systems engineering External links:

DoD Systems Engineering – Guidance & Tools
http://www.acq.osd.mil/se/pg/guidance.html

Industrial & Systems Engineering | College of Engineering
http://engineering.tamu.edu/industrial

Systems Engineering and Operations Research
https://seor.gmu.edu