Ch06 - Management of Information Security, 2nd ed. 6-1...

Management of Information Security, 2nd ed. 6-1

Chapter 6
Security Management Models and Practices

At a Glance

Instructor’s Manual Table of Contents

Chapter Overview
Chapter Outline
Chapter Objectives
Setup Notes
Lecture Notes and Teaching Tips with Quick Quizzes
Key Terms
Chapter Overview

In this chapter, readers will learn the components of the dominant information security management models, including U.S. government-sanctioned models, and how to customize them for a specific organization’s needs. This knowledge will be extended as readers learn how to implement the fundamental elements of key information security management practices and gain an understanding of emerging trends in the certification and accreditation of U.S. federal IT systems.

Chapter Outline

Lecture Topics                                          Page #
Introduction                                            212
Security Management Models                              213
Security Management Practices                           236
Metrics in Information Security Management              244
Emerging Trends in Certification and Accreditation      246

Chapter Objectives

When you complete this chapter, you will be able to:

Recognize the dominant information security management models, including U.S. government-sanctioned models, and customize them for your organization’s needs
Implement the fundamental elements of key information security management practices
Follow emerging trends in the certification and accreditation of U.S. federal IT systems
Setup Notes

This chapter could be completed in a single class session, if there is sufficient time to cover the material. If the students have not had the opportunity to read the material in advance (in some settings, the textbooks are not made available until the first class meeting), it may be prudent to have a general discussion of the topic, with detailed lecture to follow at the next class meeting. The subject matter can be covered in 1.25 to 2.5 hours.

Lecture Notes and Teaching Tips with Quick Quizzes

Introduction

To create or maintain a secure environment, one must design a working security plan and then implement a management model to execute and maintain the plan. This may begin with the creation or validation of a security framework, followed by an information security blueprint that describes existing controls and identifies other necessary security controls. A framework is the outline of the more thorough blueprint, which is the basis for the design, selection, and implementation of all subsequent security controls.

To design a security blueprint, most organizations draw from established security models and practices.

Security Management Models

A security model is a generic blueprint offered by a service organization. One way to create the blueprint is to look at what other organizations have done