2
|
1.9.6
|
Privacy policy requirements
|
2
|
|
1.10
|
Understand and apply risk management concepts
|
2
|
|
1.10.1
|
Identify threats and vulnerabilities
|
2
|
|
1.10.2
|
Risk assessment/analysis
|
2
|
|
1.10.3
|
Risk response
|
2
|
|
1.10.4
|
Countermeasure selection and implementation
|
2
|
|
1.10.5
|
Applicable types of controls (e.g., preventive, detective, corrective)
|
2
|
|
1.10.6
|
Control assessments (security and privacy)
|
2
|
|
1.10.7
|
Monitoring and measurement
|
2
|
|
1.10.8
|
Reporting
|
2
|
|
1.10.9
|
Continuous improvement (e.g., Risk maturity modeling)
|
2
|
|
1.10.10
|
Risk frameworks
|
2
|
|
1.11
|
Understand and apply threat modeling concepts and methodologies
|
1
|
|
1.12
|
Apply Supply Chain Risk Management (SCRM) concepts
|
1
|
|
1.12.1
|
Risks associated with hardware, software, and services
|
1
|
|
1.12.2
|
Third-party assessment and monitoring
|
1
|
|
1.12.3
|
Minimum security requirements
|
1
|
|
1.12.4
|
Service level requirements
|
1
|
|
1.13
|
Establish and maintain a security awareness, education, and training program
|
2
|
|
1.13.1
|
Methods and techniques to present awareness and training (e.g., social engineering, phishing, security champions, gamification)
|
2
|
|
1.13.2
|
Periodic content reviews
|
2
|
|
1.13.3
|
Program effectiveness evaluation
|
2
|
|
Domain 2
|
Asset Security
|
|
|
2.1
|
Identify and classify information and assets
|
5
|
|
2.1.1
|
Data classification
|
5
|
|
2.1.2
|
Asset Classification
|
5
|
|
2.2
|
Establish information and asset handling requirements
|
5
|
|
2.3
|
Provision resources securely
|
16
|
|
2.3.1
|
Information and asset ownership
|
16
|
|
2.3.2
|
Asset inventory (e.g., tangible, intangible)
|
16
|
|
2.3.3
|
Asset management
|
16
|
2.4
СКАЧАТЬ
|
