CRISC Domain 3 Management - PowerPoint PPT Presentation

Description:

In today’s data-driven world, robust data management is essential for safeguarding information and maintaining operational integrity. From data protection to effective identity management, every aspect plays a crucial role in mitigating risk.

Date added: 17 September 2024
Slides: 9
Provided by: infosectrain02

Transcript and Presenter's Notes

1
learntorise
2
DATA PROTECTION
  • Paper printouts
  • Magnetic media
  • Optical drive media
  • Formats
  • Audio/Video
  • Photos/Screensavers
  • Discarded material

CRISC DOMAIN 3

Data Validation
  • Range checks
  • Format checks
  • Special character checks
  • Size checks
  • Likelihood checks
  • Whitelist vs Blacklist
  • Canonicalization issues

www.infosectrain.com
3
DATA PROTECTION
  • Data checks and balances
  • Anti-malware
  • Data Integrity
  • SoD
  • Transaction approval
  • Least privilege

User Permissions
Regular review
Revocation of permissions
Isolation
Network segmentation
Data in Storage
Role-based access control
Physical access controls
Encryption
4
IDENTITY MANAGEMENT
  • Least privilege
  • Access misuse
  • Regular review
  • Disable unused accounts

Segregation of Duties (SoD)
  • Mutual exclusivity to prevent fraud and errors
  • Implementation: Review and approval, Dual control
  • Limitation: Collusion risk

Cross-training and Job Rotation
  • Benefits: Reduce reliance on key staff, Detect collusion
  • Risk: Broader skill sets attract other employers, Transition inefficiencies
5
ACCESS CONTROL
IAAA: Identification, Authentication, Authorization, Accountability

Identification
  • Unique identifiers
  • User ID
  • Account number
  • Employee ID

Authentication
  • Methods: Knowledge, Ownership, Characteristic
  • Node authentication
  • Strong Authentication
  • Multifactor authentication

Authorization
  • Least privilege
  • Temporal isolation

Accountability/Auditing
  • Logging activity
  • Preserving logs
6
CRYPTOGRAPHY

Benefits
  • Confidentiality
  • Integrity
  • Nonrepudiation
  • Access control
  • Authentication

Example: AES
Advantages
Less complex
Less processing power
Key delivery
Message origin verification
Symmetric Algorithms
Encryption
Disadvantages
Example: Diffie-Hellman
Public key distribution
Message origin verification
Multifactor authentication
Asymmetric Algorithms
Advantages
Hashing
Digital Signatures
Message Integrity
Disadvantages
Link public key with specific owner
Certificate Authority (CA)
Standard X.509
Implementation of public key cryptography
Certificates
CAs
Certificates
Public Key Infrastructure (PKI)
7
BUSINESS CONTINUITY AND DISASTER RECOVERY MANAGEMENT

Risk Environment Changes
  • Affect accuracy and appropriateness of resiliency plans.
  • Previously accepted risks may require mitigation.
  • Advise BCP/DRP teams of risk environment changes.

Business Impact Assessments (BIAs)
  • Identify impact of an incident.
  • Understand and prioritize prevention or response steps.
  • Learn lessons regarding control placement.
  • Likelihood checks
  • Improve incident handling procedures.