Concept
Security concepts define measures for information technology systems whenever a risk analysis has shown that additional security measures are needed. A security concept should at least reference each of the points below.

I Document Owner
II Change History
III Document Distribution
IV Project Classification
V Referenced Documents
VI Table of Contents

0 Signatures

1 Management Summary
  1.1 Management Summary
  1.2 Summary Residual Risks

2 Security-relevant Project Description
  2.1 Project
  2.2 Roles and Contacts
  2.3 Description of Project
  3.4 Detailed Information
  3.5 Technology Impact
  3.6 Legal Compliance

4 Risk Analysis
  4.1 Measures already in Place
  4.2 Security Requirements
  4.3 Security Recommendations
  4.4 Security Measures
  4.5 Gap-Analysis Requirements vs. Measures
  4.6 Residual Risks

5 Emergency Concept
  5.1 Business Continuity
  5.2 Disaster Recovery

6 Implementation Check
  6.1 First Cut
  6.2 Vulnerability Scan
  6.3 Penetration Test

7 Operational Aspects
  7.1 Roles and Responsibilities
  7.2 Change Management
  7.3 Backup and Recovery
  7.4 Vulnerability Management

8 Liquidation
  8.1 Confirmation Signature
  8.2 Important Points

9 Annex
  9.1 Terms and Abbreviations
  9.2 Network and Architectural Plans
  9.3 Other Relevant Technical Documentation