Supervisory: A system routine, or highly privileged routine, is being executed by the system. Ready: Processing can be resumed for an application. Wait: A specific event must be completed before another process resumes. (Needs review: Problem: An application is being run by the system.(?))

Control Objects for Information and Related Technology (COBIT) can be used to as the basis for internal and external security audits. determines the security mechanisms to be implemented for a system.

ISO / IEC 27001:2005 can be used for certifying a company’s ISMS and making comaprisons to other companies’ ISMSs. Defines a company’s ISMS and how it’s structured, controlled, run, and maintained.

ISO / IEC 27002 Defines the way in which security mechanisms should be run Provides guidelines for ensuring that security controls are consistent with industry best practices

Information Technology Security Evaluation Criteria (ITSEC) involves evaluation assurance by reviewing the development practices, documentation, configuration management and testing mechanisms of a system. Also, it provides separate ratings for functionality and assurance.

Trusted Computer System Evaluation Criteria aren’t a good evaluation tool for commercial systems, because it’ won’t address the issue of data integrity. It evaluates the security policy and assurance levels of a system.  

Active Prevents any unauthorized access to objects Includes mechanisms for memory protection Passive Prevents the unauthorized disclosure of information Includes the use of cryptographic techniques

What are the points of exposure for data flowing in and out of the cloud? How critical is the data to be used within the cloud to the organization’s operations? What data is being considered for use in the cloud? Should the organization adopt a private or public cloud?

The grid’s quality of service needs to remain at a level acceptable to users. Host machines on the grid shouldn’t be over-utilized to the extent that their local clients are denied service. Trust levels need to be managed when new grid members join, or existing depart.

Prevention Use non-flammable building materials Conduct training on how to respond when a fire occurs Suppression Use portable fire extinguishers Detection Install heat-detectors Install ionization smoke detectors