This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: TECH 7350 Managing Information Security The Graduate School of Management at the University of Dallas TECH 7350 MANAGING INFORMATION MANAGING INFORMATION SECURITY SECURITY Sandra Blanke, Ph.D., CISSP The Graduate School of Management at the University of Dallas Unit 2 Unit 2 - Chapter 3 Chapter 3 Part 2 Part 2 Organizational Security Model Organizational Security Model 2 Learning Objectives Organizational Security Model Security Framework Security Standards Security Life Cycle 3 Organizational Security Model Framework Made Up of: Entities Protection Mechanisms Logical, Administrative & Physical Components Procedures Business Processes Configurations Models Work in Layers: One layer provides support for layer above it and Protection for the Layer below it: Balanced Approach of Technical (access control lists & encryption) and Non-Technical (administrative, compliance) Controls TECH 7350 Managing Information Security The Graduate School of Management at the University of Dallas 4 Organizational Security Model 5 Security Model Goals Planning Horizon Consists of Various Goals: Operational (Daily) Focus on Productivity & Task-Oriented Activities Tactical (Mid-term) Integrate All Work Stations & Resources Strategic (Long-Term) Move all Branches from Dedicated Communication lines to F-Relay Integrate Wireless Technology 6 Security Framework (CobiT) The Control Objectives for Information and Related Technology (CobiT) Model for IT Governance Provides what is to be achieved not how to do it Developed by Information Systems Audit and...
View Full Document
This note was uploaded on 02/20/2011 for the course TECH 7350 taught by Professor Lee during the Spring '11 term at University of Arkansas for Medical Sciences.
- Spring '11