SlideShare a Scribd company logo

Security Framework

M
Marcel Dera

This document outlines security controls and processes across four key areas: security management, access controls, contingency planning, and configuration management. It details activities like regularly reviewing and updating security documentation, performing account reviews to remove inactive accounts, testing contingency plans and backups, managing patches and vulnerabilities, monitoring networks and logs, and ensuring proper configuration management. The overall goal appears to be maintaining strong security practices and controls across the organization.

1 of 2
Download to read offline
1
2
Framework Security Management Access Controls Contingency Planning Configuration Management Security Management – Review and update key security documentation Accounts Management – period reviews to ID and remove generic and inactive accts on systems and networks. Contingency Plan Baseline Configuration/Configuration Settings Process to ensure contractors complete Security Authorization Packages. Monitor production environments for individuals with elevated system privileges Contingency Plan Testing Patch and Vulnerability Management (database platforms & networks) Background investigations Monitoring network and audit logs and maintain in accordance with policies. Alternate Processing Approved and unapproved software, process for monitoring, presenting installation and removing unauthorized software. Ensure Position Descriptions are appropriately marked for position risk and sensitivity levels. Backup Testing Process to ensure closed issues are adequately supported with appropriate documentations Building a house on the right frames
24 Hours Configuration Management Access Control Contingency Planning Security Management Vulnerability Assessment Auditing

More Related Content

PPT
Network security
Nur Aishah Roslan
 
PDF
Professional Roles and Responsibilities
Mahesh Hiremath
 
PDF
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Donald E. Hester
 
PDF
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Donald E. Hester
 
DOC
Knowedge Skills Ability
Joseph Lynn
 
PPTX
Automating for NERC CIP-007-5-R1
Tripwire
 
PPT
NIST 800-37 Certification & Accreditation Process
timmcguinness
 
PPTX
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
danphilpott
 
Network security
Nur Aishah Roslan
 
Professional Roles and Responsibilities
Mahesh Hiremath
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 1: Exam
Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Donald E. Hester
 
Knowedge Skills Ability
Joseph Lynn
 
Automating for NERC CIP-007-5-R1
Tripwire
 
NIST 800-37 Certification & Accreditation Process
timmcguinness
 
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
danphilpott
 

What's hot (20)

PDF
Vulnerability Scans & Penetration Test Comparison Chart
I.S. Partners, LLC
 
DOC
Professional Roles and Responsibilities
Mahesh Hiremath
 
PDF
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Donald E. Hester
 
PDF
Practical IT auditing
Frederick Altum Pokoo-Aikins
 
PPTX
RMF Roles and Responsibilities (Part 1)
Donald E. Hester
 
PDF
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Donald E. Hester
 
PDF
Information Security Continuous Monitoring within a Risk Management Framework
William McBorrough
 
PPTX
Security and Risk management in SDLC Software development Life cycle
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
DOC
Professional Roles and Responsibilities
Mahesh Hiremath
 
PDF
fsp_22Sep15
Felicia Pearson
 
PDF
Understanding the Risk Management Framework & (ISC)2 CAP Module 7: Select Con...
Donald E. Hester
 
PPT
Isa 4
Darshan Kumar
 
PPTX
Ceps departmental environment
cepsuclan
 
PDF
NIST cybersecurity framework
Shriya Rai
 
DOCX
Network Security Expert and Risk Analyst
Ashok K DL
 
PPT
The security sdlc
Mohamed Siraj
 
PPTX
Geist Presentation
stacygriggs
 
PDF
ClinMetanoia_Single
Raghuveer Swarnapuri
 
DOC
01-15a
Susan Walser
 
PPTX
Continual Monitoring
Tripwire
 
Vulnerability Scans & Penetration Test Comparison Chart
I.S. Partners, LLC
 
Professional Roles and Responsibilities
Mahesh Hiremath
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Donald E. Hester
 
Practical IT auditing
Frederick Altum Pokoo-Aikins
 
RMF Roles and Responsibilities (Part 1)
Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Donald E. Hester
 
Information Security Continuous Monitoring within a Risk Management Framework
William McBorrough
 
Security and Risk management in SDLC Software development Life cycle
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Professional Roles and Responsibilities
Mahesh Hiremath
 
fsp_22Sep15
Felicia Pearson
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 7: Select Con...
Donald E. Hester
 
Isa 4
Darshan Kumar
 
Ceps departmental environment
cepsuclan
 
NIST cybersecurity framework
Shriya Rai
 
Network Security Expert and Risk Analyst
Ashok K DL
 
The security sdlc
Mohamed Siraj
 
Geist Presentation
stacygriggs
 
ClinMetanoia_Single
Raghuveer Swarnapuri
 
01-15a
Susan Walser
 
Continual Monitoring
Tripwire
 
Ad

Similar to Security Framework (20)

DOCX
Risk Assessment
jenito21
 
DOCX
R.a 1
jenito21
 
DOCX
TEBO NDAGHA cyber resume
FRANKLINE TEBO
 
PPTX
Critical Controls Of Cyber Defense
Rishu Mehra
 
PPTX
Criticalcontrolsofcyberdefensefinal 100128032433 Phpapp02
technext1
 
PPTX
ICAB - ITA Chapter 5 class 7-8 - Controls and Standards
Mohammad Abdul Matin Emon
 
DOCX
Effects of IT on internal controls
Lou Foja
 
PDF
Security in the Software Development Life Cycle (SDLC)
Frances Coronel
 
PPTX
System Administration for security o.pptx
MuhammadAbdullah1076
 
PPT
Audit of it infrastructure
pramod_kmr73
 
PPT
8. operations security
7wounders
 
PDF
Monotype IS Policy Supplement for Information Technology, DevOps, Production ...
nopihab937
 
PDF
Patch and Vulnerability Management
Marcelo Martins
 
PPTX
Making PCI V3.0 Business as Usual (BAU)
ControlCase
 
PDF
system admin for the networking and cyber security.pdf
MuhammadAbdullah1076
 
PDF
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3
Lisa Niles
 
PDF
OpenText Security Health Check Service
Marc St-Pierre
 
PPTX
Candelaria montague final_project
candymontague
 
DOCX
Resume_Mr Herbert A Thompson 10_16_2015
Herbert Thompson
 
PDF
Ch09 Information Security Best Practices
phanleson
 
Risk Assessment
jenito21
 
R.a 1
jenito21
 
TEBO NDAGHA cyber resume
FRANKLINE TEBO
 
Critical Controls Of Cyber Defense
Rishu Mehra
 
Criticalcontrolsofcyberdefensefinal 100128032433 Phpapp02
technext1
 
ICAB - ITA Chapter 5 class 7-8 - Controls and Standards
Mohammad Abdul Matin Emon
 
Effects of IT on internal controls
Lou Foja
 
Security in the Software Development Life Cycle (SDLC)
Frances Coronel
 
System Administration for security o.pptx
MuhammadAbdullah1076
 
Audit of it infrastructure
pramod_kmr73
 
8. operations security
7wounders
 
Monotype IS Policy Supplement for Information Technology, DevOps, Production ...
nopihab937
 
Patch and Vulnerability Management
Marcelo Martins
 
Making PCI V3.0 Business as Usual (BAU)
ControlCase
 
system admin for the networking and cyber security.pdf
MuhammadAbdullah1076
 
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3
Lisa Niles
 
OpenText Security Health Check Service
Marc St-Pierre
 
Candelaria montague final_project
candymontague
 
Resume_Mr Herbert A Thompson 10_16_2015
Herbert Thompson
 
Ch09 Information Security Best Practices
phanleson
 
Ad

Security Framework

  • 1. Framework Security Management Access Controls Contingency Planning Configuration Management Security Management – Review and update key security documentation Accounts Management – period reviews to ID and remove generic and inactive accts on systems and networks. Contingency Plan Baseline Configuration/Configuration Settings Process to ensure contractors complete Security Authorization Packages. Monitor production environments for individuals with elevated system privileges Contingency Plan Testing Patch and Vulnerability Management (database platforms & networks) Background investigations Monitoring network and audit logs and maintain in accordance with policies. Alternate Processing Approved and unapproved software, process for monitoring, presenting installation and removing unauthorized software. Ensure Position Descriptions are appropriately marked for position risk and sensitivity levels. Backup Testing Process to ensure closed issues are adequately supported with appropriate documentations Building a house on the right frames