
Difference between revisions of "Talk:Industry:Project Review/NIST SP 800-37r1 FPD Chapter 2"

From OWASP
(Installing layout of main document to structure comments)
 
(2.3.1 Establishing Information System Boundaries)
Line 25: Line 25:
 
=== 2.3.1  Establishing Information System Boundaries ===
 
=== 2.3.1  Establishing Information System Boundaries ===
  
 
+
Final chapter of this section is very concerning to me. Seems to imply that security of the Operating System is the paramount concern without regard to the fact that applications are where the majority of government data is held. [[User:Dan Philpott|Dan Philpott]] 03:26, 8 December 2009 (UTC)
  
 
=== 2.3.2  Boundaries for Complex Information Systems (System of Systems) ===
 
=== 2.3.2  Boundaries for Complex Information Systems (System of Systems) ===

Revision as of 03:26, 8 December 2009

CHAPTER TWO

THE FUNDAMENTALS

BASIC CONCEPTS ASSOCIATED WITH MANAGING RISK FROM INFORMATION SYSTEMS


2.1 INTEGRATED ENTERPRISE-WIDE RISK MANAGEMENT

2.2 SYSTEM DEVELOPMENT LIFE CYCLE

2.3 INFORMATION SYSTEM BOUNDARIES

2.3.1 Establishing Information System Boundaries

Final chapter of this section is very concerning to me. Seems to imply that security of the Operating System is the paramount concern without regard to the fact that applications are where the majority of government data is held. Dan Philpott 03:26, 8 December 2009 (UTC)

2.3.2 Boundaries for Complex Information Systems (System of Systems)

2.4 SECURITY CONTROL ALLOCATION