Summaries

Standards and Guidelines

26 October 2017, 16:30 Ana Respicio

Introduction to ISO/IEC 27005 and 31000; ENISA documents. More frameworks and guidelines: OCTAVE, ITIL, COBIT, ISO/IEC 27005:2011, and NIST SP800-30.


Business case for IS: ALE revisited. Metrics complementary to ALE.

TP: student presentations on frameworks and guidelines. Assignment: self-study of ISO/IEC 27005:2011 and NP ISO 31000:2013.


No lecture

19 October 2017, 18:30 Ana Respicio

No lecture: the professor was on an external mission. Self-study: paper review.


No lecture

19 October 2017, 16:30 Ana Respicio

No lecture: the professor was on an external mission. Self-study: paper review.


Breaches

12 October 2017, 18:30 Ana Respicio

My favorite data breach: students' fast talks.


Risk management

12 October 2017, 16:30 Ana Respicio

Risk identification: the TVA table.

Risk assessment. Risk scoring. Risk ranking.
Documenting the results of risk assessment.
Controlling risk. Risk control strategies. ISO/IEC 27005:2011 standard.
Readings: Whitman & Mattord, chapters 8 and 9. ISO/IEC 27005:2011.