Information Technology Reference
In-Depth Information
Table 2.3 IA² Implementation Taxonomy Examples

| Business Requirement | Security Service/Process | Security Mechanism | Vendor X | Product Y | Implementation Best Practice | IA Operations |
|---|---|---|---|---|---|---|
| Protect intellectual property | Secure communications | SSL v. IPSec | Vendor X | Product Y | Standard XYZ | Internal policy X, standard Y, and procedure Z |
| Protect intellectual property | Secure servers | Host-based intrusion detection system (HIDS) | Vendor X | Product Y | Standard ABC | Internal policy X, standard Y, and procedure Z |
| Protection between publicly accessible servers and internal network | Firewall | Proxy v. filter v. stateful | Vendor X | Product Y | Standard XYZ | Internal policy X, standard Y, and procedure Z |
| Test cyber-security defenses | Vulnerability scanning/penetration testing | Automated tools | Vendor X v. Internet Security Systems | Scanner X v. ISS | Best practice guide XYZ | Internal policy X, standard Y, and procedure Z |
| Determine organizational risk exposure | Vulnerability assessment | Interviews and validation tests | Vendor Y | TBD | Standard XYZ | Internal policy X, standard Y, and procedure Z |
| Secure operations | Computer security incident response team (CSIRT) | TBD | In-house v. outsource | TBD | NIST 800-3: Establishing a Computer Security Incident Response Capability (CSIRC) | Internal policy X, standard Y, and procedure Z |
 