The Article & Link of IRRICA.COM

concepts & management of SS
Written by Cecilia Chee, Singapore   
Saturday, 01 October 2011 15:44

 

Security concepts 

Certain concepts recur throughout different fields of security:

  • Assurance - assurance is the level of guarantee that a security system will behave as expected
  • Countermeasure - a countermeasure is a way to stop a threat from triggering a risk event
  • Defense in depth - never rely on one single security measure alone
  • Exploit - a vulnerability that has been triggered by a threat - a risk of 1.0 (100%)
  • Risk - a risk is a possible event which could cause a loss
  • Threat - a threat is a method of triggering a risk event that is dangerous
  • Vulnerability - a weakness in a target that can potentially be exploited by a threat

Security management in organizations

In the corporate world, various aspects of security were historically addressed separately - notably by distinct and often noncommunicating departments for IT security, physical security, and fraud prevention. Today there is a greater recognition of the interconnected nature of security requirements, an approach variously known as holistic security, "all hazards" management, and other terms.

Inciting factors in the convergence of security disciplines include the development of digital video surveillance technologies (see Professional video over IP) and the digitization and networking of physical control systems (see SCADA). Greater interdisciplinary cooperation is further evidenced by the February 2005 creation of the Alliance for Enterprise Security Risk Management, a joint venture including leading associations in security (ASIS), information security (ISSA, the Information Systems Security Association), and IT audit (ISACA, the Information Systems Audit and Control Association).

In 2007 the International Organization for Standardization (ISO) released ISO 28000 - Security Management Systems for the supply chain. Although the title mentions the supply chain, this Standard specifies the requirements for a security management system, including those aspects critical to security assurance for any organisation or enterprise wishing to manage the security of the organisation and its activities. ISO 28000 is the foremost risk-based security system and is suitable for managing both public and private regulatory security, customs and industry-based security schemes and requirements.

 


Last Updated on Thursday, 03 November 2011 17:59
 