Group 6 Ias
FOR SECURITY
GROUP 6
Planning for security refers to understanding your regulatory requirements, your geographical limitations, and the sensitivity of the data you are managing.

When you are planning your implementation, an important part of your plan is security. By planning for a secure implementation, you avoid known vulnerabilities.

The two major categories to plan for are data in transit and data at rest.
• Secure communications (data in transit)
Plan how your business requirements and environment affect your approach to securing communications between the components of the system. Balance security with ease of use and performance.
For most security professionals, data privacy and governance make up the primary area of responsibility. In addition, most information security plans address these three components:

Screening: Screening people who have access to your firm’s data reduces the risk that they will use it maliciously or unknowingly create issues. Look for prior security problems and previous records during the hiring process.
Steps to Create an Information Security Plan

01 Form a Security Team
02 Assess System Security Risks, Threats and Vulnerabilities
03 Identify Current Safeguards
04 Perform Cyber Risk Assessment
05 Perform Third-Party Risk Assessment
06 Classify and Manage Data Assets
07 Identify Applicable Regulatory Standards
08 Create a Compliance Strategy
09 Develop Incident Management and Disaster Recovery Programs
10 Train and Test Employees
Thank you!