TECH 7350 – Managing Information Security
The Graduate School of Management at the University of Dallas

MANAGING INFORMATION SECURITY
Sandra Blanke, Ph.D., CISSP

Unit 2, Chapter 3, Part 4
Security Policies, Guidelines and Personnel

Learning Objectives
- Policy Standards
- Security Policy
- Information Classification
- Layers of Responsibilities
- Security Awareness Training & Education

Policies, Standards, Baselines, Guidelines & Procedures
- Sr. Mgmt defines the scope of security and identifies what needs to be protected
- Management understands Regulations, Laws and Liability Issues
- Sr. Management determines what is expected of employees and the consequences for noncompliance
- HR and Legal need to be involved in the development and enforcement of some of the elements

Security Policy
- Overall general statement produced by Senior Management
- Security Policy can be organizational policy or system policy
- Organizational Policy Characteristics:
  - Business objectives should drive policy creation & implementation
  - Should be Easily Understood
  - Should be used to Integrate Security into all Business Functions
  - Should be derived from legislation & regulation applicable to the company

Security Policy
- Issue-Specific Policy (functional implementation policy) (i.e., user access, time of use, web access, for business purposes only)
- System-Specific Policy – presents management's decisions specific to computers, networks, applications & data
- Policies are written in broad terms
- Policy provides the foundation
- Procedures, Standards & Guidelines provide the Security Framework

Standards
- Organizational Security standards specify how hardware and software products are to be...
This note was uploaded on 02/20/2011 for the course TECH 7350 taught by Professor Lee during the Spring '11 term at University of Arkansas for Medical Sciences.