KAZ Security SIG Questionnaire
please enter your name:
please indicate your primary work location:
290
182
Electranet
ETSA
Other:
Existing Knowledge/Skills:
Security Management
None
A little
A reasonable amount
A lot
Expert
Security Architecture
None
A little
A reasonable amount
A lot
Expert
Access Control Systems
None
A little
A reasonable amount
A lot
Expert
Application Development
None
A little
A reasonable amount
A lot
Expert
Operations Security
None
A little
A reasonable amount
A lot
Expert
Physical Security
None
A little
A reasonable amount
A lot
Expert
Cryptography
None
A little
A reasonable amount
A lot
Expert
Network and Internet Security
None
A little
A reasonable amount
A lot
Expert
Business Continuity Planning
None
A little
A reasonable amount
A lot
Expert
Law, Investigations, and Ethics
None
A little
A reasonable amount
A lot
Expert
I would like to learn/talk more about:
Security Management
Not interested
Maybe a bit
Yes - perhaps
Definitely
Security Architecture
Not interested
Maybe a bit
Yes - perhaps
Definitely
Access Control Systems
Not interested
Maybe a bit
Yes - perhaps
Definitely
Application Development
Not interested
Maybe a bit
Yes - perhaps
Definitely
Operations Security
Not interested
Maybe a bit
Yes - perhaps
Definitely
Physical Security
Not interested
Maybe a bit
Yes - perhaps
Definitely
Cryptography
Not interested
Maybe a bit
Yes - perhaps
Definitely
Network and Internet Security
Not interested
Maybe a bit
Yes - perhaps
Definitely
Business Continuity Planning
Not interested
Maybe a bit
Yes - perhaps
Definitely
Law, Investigations, and Ethics
Not interested
Maybe a bit
Yes - perhaps
Definitely
My present commitments/interest level means that I would be able to regularly come to:
Can't attend meetings
Once/Quarter
Once/two months
Once/month
Irregularly/can't commit
any comments you would like to make:
Explanatory notes
Security Management Practices
Security management entails the identification of an organization's information assets, development of documentation, and implementation of policies with supporting standards, procedures, and guidelines.
Information Security Objectives
Management Policies, Guidelines, Standards, Procedures
Data classification
Risk assessment/analysis models to identify threats, classify assets, and to rate system vulnerabilities so that effective controls can be implemented.
Compliance issues
Security Architecture and Models
The Security Architecture and Models domain contains the concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of availability, integrity, and confidentiality. Examples would include:
Architecture of hardware and software
Acceptable Standards
DOD & NIST security design models
Design minimums to prevent disclosure, inference, alteration, destruction, or loss of functionality.
Access Control Systems and Methodology
Access controls are a collection of mechanisms that work together to create a security architecture to protect the assets of the information system. Examples would include:
Application controls
Physical and Logical methods
Circumvention methods affecting Alteration, Disclosure, Destruction.
Application Development Security
This domain addresses the important security concepts that apply to application software development. It outlines the environment where software is designed and developed and explains the critical role software plays in providing information system security. Examples would include:
Definitions and Design Models
Lifecycle management
Actual vs. Perceived Specifications
Gate review & Change control process
Operations Security
Operations Security is used to identify the controls over hardware, media, and all persons with access privileges to any of these resources. Examples would include:
Definition and Separation of personnel duties
Acceptable Standards
Safeguards, Procedures, Reporting
Audit and Monitoring
Incident response
Physical Security
The physical security domain provides protection techniques for the entire facility, from the outside perimeter to inside office space, including all of the information system resources. Examples would include:
People issues
Building designs & construction specifications
Electronic Systems
Cryptography
The cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality and authenticity. Examples would include:
Methods & Models to conceal data, from ancient times to the present.
Internal workings of modern cryptographic systems
Terminology, Specifications, Design
Strengths, Weaknesses, and capabilities of each type
Telecommunications, Network, and Internet Security
The telecommunications, network, and Internet security domain is a very large technical area. We will discuss it in considerable detail, including:
Network Structures
Transmission methods
Transport formats
Security measures used to provide availability, integrity, and confidentiality
Firewall models, terminology, and structure.
Authentication models, designs, and associated weaknesses
Various weaknesses commonly exploited by hackers
Business Continuity Planning
The Business Continuity Plan (BCP) domain addresses the preservation and recovery of business operations in the event of outages.
IT Disaster Planning
Statistical Risk Analysis Models
Business Operation Resumption outside of I.T.
Risk, Cost, and Justification
Law, Investigations, and Ethics
The Law, Investigations, and Ethics domain addresses the spirit, intent, concept, and purposes of significant legal functions in the industry. It is important to understand which laws impact use of computers, jurisdiction, legal protocols, and proper forensic procedures.
Computer crime laws and regulations
Federal Statutes and application to industry
Measures, Methods and Technologies used to investigate computer crime incidents