Ch04 - Management of Information Security, 2nd ed. 4-1...

Management of Information Security, 2nd ed. 4-1

Chapter 4
Information Security Policy

At a Glance

Instructor’s Manual Table of Contents
- Chapter Overview
- Chapter Outline
- Chapter Objectives
- Setup Notes
- Lecture Notes and Teaching Tips with Quick Quizzes
- Discussion Topics
- Key Terms
- Additional Project Ideas

Chapter Overview

In this chapter, readers will learn to define information security policy and understand its central role in a successful information security program. Research has shown that there are three major types of information security policy, and the chapter will explain what goes into each type as the reader learns how to develop, implement, and maintain various types of information security policies.

Chapter Outline

Lecture Topics                          Page #
Introduction                            108
Why Policy?                             109
Enterprise Information Security Policy  113
Issue-Specific Security Policy          118
System-Specific Policy                  124
Guidelines for Policy Development       130

Chapter Objectives

When you complete this chapter, you will be able to:
- Define information security policy and understand its central role in a successful information security program
- Recognize the three major types of information security policy and know what goes into each type
- Develop, implement, and maintain various types of information security policies

Setup Notes

This chapter could be completed in a single class session, if there is sufficient time to cover the material. Unless the students have not had the opportunity to read the material in advance (in some settings, the textbooks are not made available until the first class meeting), it may be prudent to have a general discussion of the topic, with detailed lecture to follow at the next class meeting. The subject matter can be covered in 1.25 to 2.5 hours.

Lecture Notes and Teaching Tips with Quick Quizzes

Introduction

This chapter focuses on information security policy:
- What it is
- How to write it
- How to implement it
- How to maintain it

Policy is the essential foundation of an effective information security program.

“The success of an information resources protection program depends on the policy generated, and on the attitude of management toward securing information on automated systems. You, the policy maker, set the tone and the emphasis on how important a role information security will have within your agency. Your primary responsibility is to set the information resource security policy for the organization with the objectives of reduced risk, compliance with laws and regulations, and assurance of operational continuity, information integrity, and confidentiality.”

Why Policy?

A quality information security program begins and ends with policy.