Professional National Security Registration Board
Version 2.6
Course Goals
• This course presents the fundamental concepts of information assurance (IA).
• It is designed to foster a mastery-level understanding of the IA process.
• The intention is to prepare a trained IA professional.
Course Application
• You learn how to tailor a practical information assurance architecture using this body of knowledge (BOK).
• You also learn how to deploy an appropriate set of flexible countermeasures.
Three Assumptions
• Three major assumptions underlie this course.
Assumption One
• Effective information security requires an integrated set of business and technological processes.
The Three Assumptions
Assumption Two
• Effective information security programs must be deliberately designed and deployed organization-wide through a strategic planning process.
The Three Assumptions
Assumption Three
• Information security programs are systematic.
• That is, they embody an appropriate set of persistent and interacting controls.
• These controls function seamlessly and as an integral element of the day-to-day operation of the business.
The Importance of Planning
• All three of these requirements must be satisfied for the solution to be correct.
• That condition is not arrived at by chance.
• It is always derived from a valid set of common best practices.
The IBOK
• The IBOK is a compendium, or body of knowledge, rather than a standard.
• It is an integration of three existing models into a single unified concept.
• The idea is that a harmonized set of recommendations is the most authoritative statement about best practice.
Best Practice Models
• There are at least three models that are used to guide that process:
– The Generally Accepted System Security Principles (GASSP), 1999
– ISO 17799 and BS 7799-2 (2002)
– COBIT (2006)
Best Practice Models
• Each of these embodies a fundamental set of principles derived from extensive “lessons learned”.
• Each of these provides