This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:Industry:Project Review/NIST SP 800-37r1 FPD Chapter 2

From OWASP
Revision as of 02:35, 16 December 2009 by Dan Philpott (talk | contribs) (Added footnotes section.)

Jump to: navigation, search

CHAPTER TWO

THE FUNDAMENTALS

BASIC CONCEPTS ASSOCIATED WITH MANAGING RISK FROM INFORMATION SYSTEMS


2.1 INTEGRATED ENTERPRISE-WIDE RISK MANAGEMENT

2.2 SYSTEM DEVELOPMENT LIFE CYCLE

2.3 INFORMATION SYSTEM BOUNDARIES

2.3.1 Establishing Information System Boundaries

Final chapter of this section is very concerning to me. Seems to imply that security of the Operating System is the paramount concern without regard to the fact that applications are where the majority of government data is held. Dan Philpott 03:26, 8 December 2009 (UTC)

2.3.2 Boundaries for Complex Information Systems (System of Systems)

2.3.3 Dynamic Subsystems

2.4 SECURITY CONTROL ALLOCATION

Footnotes