Lecture W6 - Terminology SIT 284: IT Security Management...

SIT 284: IT Security Management
J. H. Abawajy

Security Management Models And Practices

Learning Objectives
Upon completion of this lecture, you should be able to:
  Select from the dominant information security management models and customize them for your organization's needs
  Implement the fundamental elements of key information security management practices
  Follow emerging trends in the certification and accreditation of IT systems

Terminology
  Best security practice: security efforts that are among the best in the industry.
  Gold Standard: a model level of performance that demonstrates industrial leadership, quality, and concern for the protection of information.
  Benchmarking: looking at what other organizations have done and comparing it to your own (i.e., comparing yourself to other companies).
  Baselining: a value or profile of a performance metric against which changes in the performance metric can be usefully compared (i.e., comparing to your own company).

Terminology…
  Blueprint (i.e., methodology): describes existing controls and identifies other necessary security controls.
  Framework: the outline of the blueprint, which is the basis for design, selection, and implementation of all subsequent security controls, including information security policies, security education and training programs, and technological controls.
  Security model: a generic blueprint offered by a service organisation.

Introduction
To create or maintain a secure environment:
  Design a working security plan
  Implement a management model to execute and maintain the plan
This effort may begin with the creation or validation of the following:
  Security framework for the design, selection, and implementation of security controls
  Security blueprint (i.e., methodology) that describes existing controls and identifies other necessary security controls

Create Security Model
  Most organisations draw from established security models and practices (e.g., ISO/IEC 17799) to develop a security blueprint
  An alternative way of creating a security blueprint is to follow the best practice or industry standards (i.e., benchmarking)
  Each information security environment is unique. The method you select must be:
    Flexible
    Scalable
    Robust
    Sufficiently detailed

Security Management Models
British Standard BS 7799 Security Model
  Widely used globally
  You must purchase
NIST Security Models have two notable advantages:
  Publicly available at no charge
  Have been broadly reviewed by

This note was uploaded on 10/01/2009 for the course SIT 284 taught by Professor Jam during the Spring '09 term at Alfred University.
