Lecture 3.2 - TEL2813/IS2820 Security Management: Security Management Models And Practices (Jan 24, 2006)
Introduction
To create or maintain a secure environment:
1. Design a working security plan
2. Implement a management model to execute and maintain the plan
These may involve several steps: begin with the creation or validation of a security framework, followed by an information security blueprint that describes existing controls and identifies other necessary security controls.
Introduction (Continued)
Framework: an outline of the more thorough blueprint.
Blueprint: the basis for the design, selection, and implementation of all subsequent security controls.
Most organizations draw from established security models and practices to develop a blueprint or methodology.
BS 7799
One of the most widely referenced and often discussed security models.
"Information Technology – Code of Practice for Information Security Management", originally published as British Standard BS 7799.
The purpose of ISO/IEC 17799 is to give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization.
BS 7799 (Continued)
Intended to provide a common basis for developing organizational security standards and effective security management practice, and to provide confidence in inter-organizational dealings.
Volume 2 provides information on how to implement Volume 1 (17799) and how to set up an Information Security Management Structure (ISMS).
ISO/IEC 17799 Drawbacks
The global information security community has not defined any justification for a code of practice as identified in ISO/IEC 17799.
It lacks "the necessary measurement precision of a technical standard".
There is no reason to believe that ISO/IEC 17799 is more useful than any other approach.
It is not as complete as other frameworks.
It is perceived to have been hurriedly prepared, given the tremendous impact its adoption could have on industry information security controls.
The Ten Sections Of ISO/IEC 17799
1. Organizational Security Policy
2. Organizational Security Infrastructure objectives
3. Asset Classification and Control
4. Personnel Security objectives
5. Physical and Environmental Security objectives
6. Communications and Operations Management objectives
7. System Access Control objectives
8. System Development and Maintenance objectives
9. Business Continuity Planning
10. Compliance objectives
ISMS Certification Process (diagram)

Plan-Do-Check-Act of BS 7799:2 (diagram)
The Security Management Index and ISO 17799
To determine how closely an organization is complying with ISO 17799, take the Human Firewall Council's survey, the Security Management Index (SMI).
It asks 35 questions over the 10 domains of the ISO standard.
It gathers metrics on how organizations manage security.
The survey has been developed according to ISO 17799 international security standards to reflect best practices from a global perspective.
It enables information security officers to benchmark their practices against those of other organizations.
This note was uploaded on 08/27/2010 for the course IS 2820 taught by Professor Jameskoshi during the Spring '10 term at Webber.