What is ISO 27001?
After going through some documents and video training, the conclusion is:
it is about PHYSICAL and LOGICAL information security, based on AAA and CIA.
AAA = AUTHENTICATION / AUTHORIZATION and ACCOUNTING
CIA = CONFIDENTIALITY / INTEGRITY and AVAILABILITY
Click HERE for FREE online video training.
From a Security Engineer's point of view:
AUTHENTICATION / AUTHORIZATION = ISE / Microsoft AD / NPS / TACACS+ and Local Login
ACCOUNTING = SNMP / Syslog server / NetFlow (Remedy and Siebel for ITSM)
CONFIDENTIALITY / INTEGRITY = Microsoft AD / NPS / TACACS+ and Local Login
AVAILABILITY = VPN / Failover / Redundancy / High Availability
Firewall / IPS / IDS support traffic flow and content security.