SlideShare ist ein Scribd-Unternehmen logo

Lesson 1

Als PPT, PDF herunterladen
M
MLG College of Learning, Inc

Information Security Planning

Bildung
1 von 16
Principles of Information Security, Fifth Edition Chapter 4 Planning for Security Lesson 1 - Information Security Planning
Learning Objectives • Upon completion of this material, you should be able to: – Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines – Explain what an information security blueprint is, identify its major components, and explain how it supports the information security program Principles of Information Security, Fifth Edition 2
Learning Objectives (cont’d) – Discuss how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs – Describe what contingency planning is and how it relates to incident response planning, disaster recovery planning, and business continuity plans Principles of Information Security, Fifth Edition 3
Introduction • Information security program begins with policies, standards, and practices, which are the foundation for information security architecture and blueprint. • Coordinated planning is required to create and maintain these elements. • Strategic planning for the management of allocation of resources • Contingency planning for the preparation of uncertain business environment Principles of Information Security, Fifth Edition 4
Information Security Planning and Governance • Planning levels help translate organization’s strategic plans into tactical objectives. • Planning and the CISO • Information Security Governance – Governance: • Set of responsibilities and practices exercised by the board and executive management • Goal to provide strategic direction, establishment of objectives, and measurement of progress toward objectives • Also verifies/validates that risk management practices are appropriate and assets used properly Principles of Information Security, Fifth Edition 5
Information Security Planning and Governance (cont’d) • Information Security Governance outcomes – Five goals: • Strategic alignment • Risk management • Resource management • Performance measures • Value delivery Principles of Information Security, Fifth Edition 6
Principles of Information Security, Fifth Edition 7
Information Security Policy, Standards, and Practices • Management from communities of interest must make policies the basis for all information security planning, design, and deployment. • Policies direct how issues should be addressed and technologies used. • Policies should never contradict law, must be able to stand up in court, and must be properly administered. • Security policies are the least expensive controls to execute but most difficult to implement properly. Principles of Information Security, Fifth Edition 8
Policy as the Foundation for Planning • Policy functions as organizational law that dictates acceptable and unacceptable behavior. • Standards: more detailed statements of what must be done to comply with policy • Practices, procedures, and guidelines effectively explain how to comply with policy. • For a policy to be effective, it must be properly disseminated, read, understood, and agreed to by all members of the organization, and uniformly enforced. Principles of Information Security, Fifth Edition 9
Principles of Information Security, Fifth Edition 10
Enterprise Information Security Policy (EISP) • Sets strategic direction, scope, and tone for all security efforts within the organization • Executive-level document, usually drafted by or with Chief Information Officer (CIO) of the organization • Typically addresses compliance in two areas: – Ensure meeting of requirements to establish program and assigning responsibilities therein to various organizational components – Use of specified penalties and disciplinary action Principles of Information Security, Fifth Edition 11
Enterprise Information Security Policy (EISP) (cont’d) • EISP Elements should include: – Overview of corporate security philosophy – Information on the structure of the organization and people in information security roles – Articulated responsibilities for security shared by all members of the organization – Articulated responsibilities for security unique to each role in the organization Principles of Information Security, Fifth Edition 12
Principles of Information Security, Fifth Edition 13
Issue-Specific Security Policy (ISSP) • The ISSP: – Addresses specific areas of technology – Requires frequent updates – Contains statement on the organization’s position on specific issue • Three common approaches when creating and managing ISSPs: – Create a number of independent ISSP documents – Create a single comprehensive ISSP document – Create a modular ISSP document Principles of Information Security, Fifth Edition 14
Issue-Specific Security Policy (ISSP) (cont’d) • Components of the policy: – Statement of policy – Authorized access and usage of equipment – Prohibited use of equipment – Systems management – Violations of policy – Policy review and modification – Limitations of liability Principles of Information Security, Fifth Edition 15
Principles of Information Security, Fifth Edition 16

Empfohlen

Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
MLG College of Learning, Inc
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
MLG College of Learning, Inc
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
MLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
MLG College of Learning, Inc
 

Empfohlen

Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
MLG College of Learning, Inc
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
MLG College of Learning, Inc
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
MLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
MLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
MLG College of Learning, Inc
 
Lesson 1 - Introduction
Lesson 1 - Introduction Lesson 1 - Introduction
Lesson 1 - Introduction
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3
MLG College of Learning, Inc
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solution
Vivek Maurya
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1
MLG College of Learning, Inc
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
MLG College of Learning, Inc
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
Zefren Edior
 
Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography tools
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Ch04_MoIS5e_v02.pptx business business business business business business bu...
Ch04_MoIS5e_v02.pptx business business business business business business bu...Ch04_MoIS5e_v02.pptx business business business business business business bu...
Ch04_MoIS5e_v02.pptx business business business business business business bu...
JawaherAlbaddawi
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
 
Lesson 1 - Introduction
Lesson 1 - Introduction Lesson 1 - Introduction
Lesson 1 - Introduction
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solution
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
 
Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography tools
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 

Ähnlich wie Lesson 1

Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptx
Prashant Singh
 
Chapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfChapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdf
AbuHanifah59
 
CHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, aCHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, a
MaximaSheffield592
 
There are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database managThere are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database manag
GrazynaBroyles24
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
sdfghj21
 
Information security policy how to writing
Information security policy how to writingInformation security policy how to writing
Information security policy how to writing
PasangdolmoTamang
 

Ähnlich wie Lesson 1 (20)

Ch04_MoIS5e_v02.pptx business business business business business business bu...
Ch04_MoIS5e_v02.pptx business business business business business business bu...Ch04_MoIS5e_v02.pptx business business business business business business bu...
Ch04_MoIS5e_v02.pptx business business business business business business bu...
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.ppt
 
Planning for security and security audit process
Planning for security and security audit processPlanning for security and security audit process
Planning for security and security audit process
 
Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptx
 
Chapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfChapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdf
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
CHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, aCHAPTER 5 Security Policies, Standards, Procedures, a
CHAPTER 5 Security Policies, Standards, Procedures, a
 
ANS_Ch_06_Handouts.pdf
ANS_Ch_06_Handouts.pdfANS_Ch_06_Handouts.pdf
ANS_Ch_06_Handouts.pdf
 
Information security
Information securityInformation security
Information security
 
CLE-Unit-III.ppt
CLE-Unit-III.pptCLE-Unit-III.ppt
CLE-Unit-III.ppt
 
There are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database managThere are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database manag
 
Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOVSecurity Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOV
 
Whitman_Ch04.pptx
Whitman_Ch04.pptxWhitman_Ch04.pptx
Whitman_Ch04.pptx
 
Khas bank isms 3 s
Khas bank isms 3 sKhas bank isms 3 s
Khas bank isms 3 s
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Information security policy how to writing
Information security policy how to writingInformation security policy how to writing
Information security policy how to writing
 

Mehr von MLG College of Learning, Inc

Mehr von MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Kürzlich hochgeladen

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 

Kürzlich hochgeladen (20)

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 

Lesson 1

  • 1. Principles of Information Security, Fifth Edition Chapter 4 Planning for Security Lesson 1 - Information Security Planning
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines – Explain what an information security blueprint is, identify its major components, and explain how it supports the information security program Principles of Information Security, Fifth Edition 2
  • 3. Learning Objectives (cont’d) – Discuss how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs – Describe what contingency planning is and how it relates to incident response planning, disaster recovery planning, and business continuity plans Principles of Information Security, Fifth Edition 3
  • 4. Introduction • Information security program begins with policies, standards, and practices, which are the foundation for information security architecture and blueprint. • Coordinated planning is required to create and maintain these elements. • Strategic planning for the management of allocation of resources • Contingency planning for the preparation of uncertain business environment Principles of Information Security, Fifth Edition 4
  • 5. Information Security Planning and Governance • Planning levels help translate organization’s strategic plans into tactical objectives. • Planning and the CISO • Information Security Governance – Governance: • Set of responsibilities and practices exercised by the board and executive management • Goal to provide strategic direction, establishment of objectives, and measurement of progress toward objectives • Also verifies/validates that risk management practices are appropriate and assets used properly Principles of Information Security, Fifth Edition 5
  • 6. Information Security Planning and Governance (cont’d) • Information Security Governance outcomes – Five goals: • Strategic alignment • Risk management • Resource management • Performance measures • Value delivery Principles of Information Security, Fifth Edition 6
  • 7. Principles of Information Security, Fifth Edition 7
  • 8. Information Security Policy, Standards, and Practices • Management from communities of interest must make policies the basis for all information security planning, design, and deployment. • Policies direct how issues should be addressed and technologies used. • Policies should never contradict law, must be able to stand up in court, and must be properly administered. • Security policies are the least expensive controls to execute but most difficult to implement properly. Principles of Information Security, Fifth Edition 8
  • 9. Policy as the Foundation for Planning • Policy functions as organizational law that dictates acceptable and unacceptable behavior. • Standards: more detailed statements of what must be done to comply with policy • Practices, procedures, and guidelines effectively explain how to comply with policy. • For a policy to be effective, it must be properly disseminated, read, understood, and agreed to by all members of the organization, and uniformly enforced. Principles of Information Security, Fifth Edition 9
  • 10. Principles of Information Security, Fifth Edition 10
  • 11. Enterprise Information Security Policy (EISP) • Sets strategic direction, scope, and tone for all security efforts within the organization • Executive-level document, usually drafted by or with Chief Information Officer (CIO) of the organization • Typically addresses compliance in two areas: – Ensure meeting of requirements to establish program and assigning responsibilities therein to various organizational components – Use of specified penalties and disciplinary action Principles of Information Security, Fifth Edition 11
  • 12. Enterprise Information Security Policy (EISP) (cont’d) • EISP Elements should include: – Overview of corporate security philosophy – Information on the structure of the organization and people in information security roles – Articulated responsibilities for security shared by all members of the organization – Articulated responsibilities for security unique to each role in the organization Principles of Information Security, Fifth Edition 12
  • 13. Principles of Information Security, Fifth Edition 13
  • 14. Issue-Specific Security Policy (ISSP) • The ISSP: – Addresses specific areas of technology – Requires frequent updates – Contains statement on the organization’s position on specific issue • Three common approaches when creating and managing ISSPs: – Create a number of independent ISSP documents – Create a single comprehensive ISSP document – Create a modular ISSP document Principles of Information Security, Fifth Edition 14
  • 15. Issue-Specific Security Policy (ISSP) (cont’d) • Components of the policy: – Statement of policy – Authorized access and usage of equipment – Prohibited use of equipment – Systems management – Violations of policy – Policy review and modification – Limitations of liability Principles of Information Security, Fifth Edition 15
  • 16. Principles of Information Security, Fifth Edition 16