tailieunhanh - The CISSP Prep Guide, Second Edition: Mastering the CISSP and ISSEP Exams, part 6

Level 3, "Defined," focuses on disciplined tailoring from defined processes at the organization level. A statement characterizing this level would be, "Use the best of what you have learned from your projects to create organization processes."

✦ Level 4,

Chapter 11: Systems Security Engineering (Part II: The Information Systems Security Engineering Professional (ISSEP) Concentration)

[Figure 11-5: Discover Information Protection Needs activity, from IATF document Release September 2002. Figure labels: Mission Business Function; Information Management Functions; Information Protection Policy; Information Management Policy.]

The information systems security engineer should use any reliable sources of information to learn about the customer's mission and business operations, including areas such as human resources, finance, command and control, engineering, logistics, and research and development. This knowledge can be used to generate a concept of operations (CONOPS) document or a mission needs statement (MNS). Then, with this information in hand, an information management model (IMM) should be developed that ultimately defines a number of information domains. Information management is defined as:

✦ Creating information
✦ Acquiring information
✦ Processing information
✦ Storing and retrieving information
✦ Transferring information
✦ Deleting information

Information domains identify the members of a particular domain; the applicable privileges, roles, rules, and responsibilities of the users in the domain; and a list of the information entities that are under control in the domain. The information management model should take into account:

✦ The information being processed
✦ Processes being used
✦ Information generators
✦ Information consumers
✦ User roles
✦ Information management policy requirements
✦ Regulations
✦ Agreements or contracts

The principle of least privilege should be used in developing the model by permitting users to access only the information required for them to accomplish their assigned tasks.

The IMM is illustrated in Figure 11-6.

[Figure 11-6: Graphic of the information management model, from IATF document Release Appendix H September 2002.]

A short example of an IMM is given in Table 11-1.

Table 11-1 Information Management Model

Users    Rules    Process
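The information domains and the least-privilege check described above can be worked through on a small model. This is an added example, not taken from the book or the IATF: the roles, processes, entities, the fourth "information" column, and the rule that entities sharing the same members and rules form one domain are all assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Row(NamedTuple):
    user: str         # user role (information generator or consumer)
    rule: str         # privilege the rule grants, e.g. "read"
    process: str      # process through which the access happens
    information: str  # information entity (assumed fourth column)

# Constructed sample model; every name below is illustrative.
IMM = [
    Row("hr_clerk", "read", "payroll_run", "salary_records"),
    Row("hr_clerk", "write", "payroll_run", "salary_records"),
    Row("hr_clerk", "read", "payroll_run", "bank_details"),
    Row("hr_clerk", "write", "payroll_run", "bank_details"),
    Row("auditor", "read", "annual_audit", "salary_records"),
    Row("auditor", "read", "annual_audit", "bank_details"),
    Row("auditor", "write", "annual_audit", "bank_details"),
    Row("engineer", "read", "design_review", "design_docs"),
]

# Constructed: the access each role needs for its assigned tasks.
REQUIRED = {
    "hr_clerk": {("read", "salary_records"), ("write", "salary_records"),
                 ("read", "bank_details"), ("write", "bank_details")},
    "auditor": {("read", "salary_records"), ("read", "bank_details")},
    "engineer": {("read", "design_docs")},
}

def information_domains(imm):
    """Group entities governed by the same members and rules into one domain."""
    policy = defaultdict(set)                    # entity -> {(user, rule)}
    for row in imm:
        policy[row.information].add((row.user, row.rule))
    domains = defaultdict(list)                  # policy -> entities under it
    for entity, members in policy.items():
        domains[frozenset(members)].append(entity)
    return [{"members": sorted({u for u, _ in key}), "rules": sorted(key),
             "entities": sorted(ents)} for key, ents in domains.items()]

def excess_privileges(imm, required):
    """Rows granting access a role does not need for its tasks."""
    return [r for r in imm
            if (r.rule, r.information) not in required.get(r.user, set())]

if __name__ == "__main__":
    bad = excess_privileges(IMM, REQUIRED)
    print("excess grants:", bad)
    print(information_domains([r for r in IMM if r not in bad]))
```

Removing the one excess grant also collapses the two payroll entities into a single domain, because they then share identical members and rules.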