week04 - Week 04 ITC482 Computer Management & Security...

ITC482 Computer Management & Security, Week 04
Management of Information Security, 2nd ed. - Chapter 4

Slide 2: Learning Objectives
Upon completion of this material, you should be able to:
- Define information security policy and understand its central role in a successful information security program
- Know the three major types of information security policy often used and what goes into each type
- Develop, implement, and maintain various types of information security policies
Slide 3: Introduction
This chapter focuses on information security policy:
- What it is
- How to write it
- How to implement it
- How to maintain it

Slide 4: Introduction (continued)
Policy is the essential foundation of an effective information security program.
“The success of an information resources protection program depends on the policy generated, and on the attitude of management toward securing information on automated systems. You, the policy maker, set the tone and the emphasis on how important a role information security will have within your agency. Your primary responsibility is to set the information resource security policy for the organization with the objectives of reduced risk, compliance with laws and regulations and assurance of operational continuity, information integrity, and confidentiality.”
Slide 5: Why Policy?
- A quality information security program begins and ends with policy
- Policies are the least expensive means of control and often the most difficult to implement
- Some basic rules must be followed when shaping a policy:
  - Never conflict with law
  - Stand up in court
  - Properly supported and administered
  - Contribute to the success of the organization
  - Involve end users of information systems

Slide 6: Figure 4-1 The Bulls-eye Model
Slide 7: Policy Centric Decision Making
Bulls-eye model layers:
- Policies — first layer of defense
- Networks — threats first meet the organization’s network
- Systems — computers and manufacturing systems
- Applications — all applications systems
Policies are important reference documents for internal audits and for the resolution of legal disputes about management's due diligence, and policy documents can act as a clear statement of management's intent.

Slide 8: Figure 4-2 Policies, Standards, & Practices
Slide 9: Policy, Standards, and Practices
- Policy is a plan or course of action that influences and determines decisions
- Standards are a more detailed statement of what must be done to comply with policy
- Practices, procedures, and guidelines explain how employees will comply with policy

This note was uploaded on 02/15/2010 for the course ITC 594 taught by Professor Peter Dalmaris during the Three '10 term at Charles Sturt University.
