Bezpieczeństwo

Organizational risk can include many types of risk (e.g., program management risk, investment risk, budgetary risk, legal liability risk, safety risk, inventory risk, supply chain risk, and security risk). Security risk related to the operation and use of information systems is just one of many components of organizational risk that senior leaders/executives address as part of their ongoing risk management responsibilities. Effective risk management requires that organizations operate in highly complex, interconnected environments using state-of-the-art and...

This guideline has been developed to assist Federal government agencies to categorize information and information systems. The guideline's objective is to facilitate application of appropriate levels of information security according to a range of levels of impact or consequences that might result from the unauthorized disclosure, modification, or use of the information or information system.

This document includes two volumes, a basic guideline and a volume of appendices. Users should review the guidelines provided in Volume I, then refer to only that...

An information system is typically in a constant state of change in response to new, enhanced, corrected, or updated hardware and software capabilities, patches for correcting software flaws and other errors to existing components, new security threats, changing business functions, etc. Implementing information system changes almost always results in some adjustment to the system configuration. To ensure that the required adjustments to the system configuration do not adversely affect the security of the information system or the organization from operation of...

Nicht nur im privaten Umfeld, auch im beruflichen sind Computer, Smartphones und das Internet Begleiter unseres täglichen Lebens. Dabei spielt der Schutz von Informationen eine wichtige Rolle. Über 70% aller Cyber-Angriffe zielen auf den Nutzer ab, lediglich ein kleiner Teil auf die tatsächlichen Systeme. Daher sind geschulte und aufmerksame Mitarbeiter ein unabdingbarer Bestandteil der allgemeinen Sicherheitsstrategie zum Schutz der Informationen. Das Ziel ist dabei der Aufbau einer Kultur der Cyber-Sicherheit, einer sogenannten human firewall.