Lecture3.2

Lecture3.2 - TEL2813/IS2820 SecurityManagement...

    TEL2813/IS2820 Security Management
    Security Management Models And Practices
    Jan 24, 2006

    Introduction
    To create or maintain a secure environment:
    1. Design working security plan
    2. Implement management model to execute and maintain the plan
    May have steps: begin with creation or validation of security framework, followed by an information security blueprint describing existing controls and identifying other necessary security controls
    Introduction (Continued)
    - Framework: outline of the more thorough blueprint
    - Blueprint: basis for the design, selection, and implementation of all subsequent security controls
    - Most organizations draw from established security models and practices to develop a blueprint or methodology

    BS 7799
    - One of the most widely referenced and often discussed security models
    - Information Technology – Code of Practice for Information Security Management, originally published as British Standard BS 7799
    - The purpose of ISO/IEC 17799 is to give recommendations for information security management for use by those who are responsible for initiating, implementing or maintaining security in their organization
    BS 7799 (Continued)
    Intended to provide:
    - a common basis for developing organizational security standards and effective security management practice, and
    - confidence in inter-organizational dealings
    Volume 2 provides information on:
    - how to implement Volume 1 (17799), and
    - how to set up an Information Security Management Structure (ISMS)

    ISO/IEC 17799 Drawbacks
    - The global information security community has not defined any justification for a code of practice as identified in the ISO/IEC 17799
    - Lacks “the necessary measurement precision of a technical standard”
    - No reason to believe that ISO/IEC 17799 is more useful than any other approach
    - Not as complete as other frameworks
    - Perceived to have been hurriedly prepared, given tremendous impact its adoption could have on industry information security controls
    The Ten Sections Of ISO/IEC 17799
    1. Organizational Security Policy
    2. Organizational Security Infrastructure objectives
    3. Asset Classification and Control
    4. Personnel Security objectives
    5. Physical and Environmental Security objectives
    6. Communications and Operations Management objectives
    7. System Access Control objectives
    8. System Development and Maintenance objectives
    9. Business Continuity Planning
    10. Compliance objectives

    ISMS Certification Process
    Plan-Do-Check-Act of BS7799:2

    The Security Management Index and ISO 17799
    To determine how closely an organization is

This note was uploaded on 08/27/2010 for the course IS 2820 taught by Professor Jameskoshi during the Spring '10 term at Webber.
