Security management refers to several key activities that all work to identify risks and risk treatment for the organization's assets. In most organizations these activities should include:

Security governance
Security governance is the practice of setting organization security policy, and then taking steps to ensure that policy is followed. Security governance also is involved with the management and continuous improvement of other key security activities discussed in this section.

Risk assessment
This is the practice of identifying all of the key assets in use by the organization, and identifying vulnerabilities and threats against each asset. This is followed by the development of risk treatment strategies that attempt to mitigate, transfer, avoid, or accept identified risks.

Incident management
This practice is concerned with the planned response to security incidents, when they occur in the organization. An incident is defined as a violation of security policy; such an incident may be minor (such as a user choosing an easily guessed password) or major (such as a hacking attack and theft of sensitive information). Some of the aspects of incident management include computer forensics (the preservation of evidence that
XYZ Corp immediately begins to formulate its disaster recovery plan and concludes that two questions need to be answered:

What is the acceptable amount of time the business can be down? This is commonly referred to as the recovery time objective (RTO).

How much data will be lost after recovery? This is defined as the recovery point objective (RPO).
