In the context of Risk Management with new technologies, the main goal is to ensure the technology used within company is adequately protected.
When deploying new technology you need to address following areas:
- training,
- policies & procedures,
- backup schemes and continuity plans,
- risk ownership,
- consent of information owners,
- legal & regulatory requirements,
- monitoring and reporting.
Always, always have in mind the CIA Triad.
Confidentiality.
Integrity.
Availability.
Sometime add to the above:
Nonrepudiation.
System Authorization.
…
When working with Access Control the IAAA is the foundation:
Identification.
Authentication.
Authorization.
Accountability.
…
Public Key Encryption:
- Message Integrity and Hashing Algorithms
- Digital Signatures
- Certificates