Management
| Strategic | legal compliance, security politics, management, information politics, authority, responsibilities, enterprise goals, visions |
| Tactical | security conception, security officer, danger analysis, risk management, measure identification, emergency plan, training, configuration management, change management |
| Operational | realisation of measures, implementation, system administration, operating, monitoring, disaster recovery, configuration management, change management |
Principles
| Top-Down | A "top down" approach is one where an executive or other person/body makes a decision. The decision is disseminated under their authority to lower levels in the hierarchy, which are, to a greater or lesser extent, bound by it. |
| Bottom-Up | A "bottom up" approach is one that works from the grassroots, from a large number of people working together, causing a decision to arise from their joint involvement. |
Security conception
| 1 | Identification of protectable objects |
| 2 | Implementation of baseline protection |
| 3 | Analysing threat situation, risk analysis, evaluation |
| 4 | Measure identification, evaluation, security concept |
| 5 | Measure implementation, residual risk regulation |
| 6 | Controlling, re-evaluation of threats and risks, measure management |