Kindle price: EUR 1.02
incl. VAT
Understanding Risk Management and Compliance, What Is Different After Monday, August 18, 2014 (English Edition) by [Lekatis, George]


Length: 163 pages Word Wise: Enabled Enhanced Typesetting: Enabled
Page Flip: Enabled Language: English


Product descriptions

Short description

When you are not “satisfied (S)”, how do you feel?

No, you didn’t find it!

You are “Other than satisfied (O)”

This is part of the new (and excellent if you forget the above approach) NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (Initial Public Draft).

We read: “After the security assessment plan or privacy assessment plan is approved by the organization, the assessor(s) or assessment team executes the plan in accordance with the agreed-upon schedule.”

“Each determination statement contained within an assessment procedure executed by an assessor produces one of the following findings:

(i) satisfied (S); or

(ii) other than satisfied (O).

A finding of satisfied indicates that for the portion of the security or privacy control addressed by the determination statement, the assessment information obtained (i.e., evidence collected) indicates that the assessment objective for the control has been met producing a fully acceptable result.

A finding of other than satisfied indicates that for the portion of the security or privacy control addressed by the determination statement, the assessment information obtained indicates potential anomalies in the operation or implementation of the control that may need to be addressed by the organization.

A finding of other than satisfied may also indicate that for reasons specified in the assessment report, the assessor was unable to obtain sufficient information to make the particular determination called for in the determination statement.”

I can’t imagine how we could use this approach in the Basel iii framework… We have “fit and proper (FP) employees” and “Other than fit and proper employees (O)”? (O) Like zero? Hero or zero? No, it is not working in Basel iii. It is not black or white.
Again, the rest is an excellent document.

We read:

“Security control assessments and privacy control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass inspections or audits—rather, such assessments are the principal vehicle used to verify that implemented security controls and privacy controls are meeting their stated goals and objectives.”

Also: “Organizations should carefully consider the potential impacts of employing the assessment procedures defined in this Special Publication when assessing the security and privacy controls in operational systems.

Certain assessment procedures, particularly those procedures that directly impact the operation or function of the hardware, software, or firmware components of an information system, may inadvertently affect the routine processing, transmission, or storage of information supporting organizational missions or business functions.

For example, a critical information system component may be taken offline for assessment purposes or a component may suffer a fault or failure during the assessment process.

Organizations should also take the necessary precautions to ensure that organizational missions and business functions continue to be supported by information systems and that any potential impacts to operational effectiveness resulting from assessment activities are considered in advance”.

Read more at Number 4 below.

Welcome to the Top 10 list.

Product information

  • Format: Kindle Edition
  • File size: 3536 KB
  • Print length: 163 pages
  • Simultaneous device usage: Unlimited
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B00MPZBZIE
  • Text-to-Speech: Enabled
  • X-Ray:
  • Word Wise: Enabled
  • Screen reader: Supported
  • Enhanced Typesetting: Enabled
  • Average customer rating: Be the first to write a review
  • Amazon Bestseller Rank: #1,672,749 Paid in Kindle Store (see Top 100 Paid in Kindle Store)
