unit_2_p4_tech_7350_c3 - TECH 7350 – Managing Information...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: TECH 7350 – Managing Information Security The Graduate School of Management at the University of Dallas TECH 7350 MANAGING INFORMATION MANAGING INFORMATION SECURITY SECURITY Sandra Blanke, Ph.D., CISSP The Graduate School of Management at the University of Dallas Unit 2 Unit 2 Chapter 3 Part 4 Chapter 3 Part 4 Security Policies, Guidelines and Personnel Security Policies, Guidelines and Personnel 2 Learning Objectives ¡ Policy Standards ¡ Security Policy ¡ Information Classification ¡ Layers of Responsibilities ¡ Security Awareness Training & Education 3 ¡ Sr. Mgmt defines the scope of security and identify what needs to be protected ¡ Management understands Regulations, Laws and Liability Issues ¡ Sr. Management determines what is expected of employees and consequences for noncompliance ¡ HR and Legal needs to be involved in the development and enforcement of some of the elements Policies, Standards, Baselines, Guidelines & Procedures TECH 7350 – Managing Information Security The Graduate School of Management at the University of Dallas 4 ¡ Overall general statement produced by Senior Management ¡ Security Policy can be organizational policy or system policy ¡ Organizational Policy Characteristics: ¢ Business objectives should drive policy creation & implementation ¢ Should be Easily Understood ¢ Should be used to Integrate Security into all Business Functions ¢ Should be derived from legislation & regulation applicable to the company Security Policy 5 ¡ Issue Specific Policy (functional implementation policy) (ie user access, time of use, web access, for business purposes only) ¡ System-Specific Policy – presents managements decisions specific to computers, networks, applications & data ¡ Policies are written in broad terms ¡ Policy provides foundation ¡ Procedures, Standards & Guidelines provide the Security Framework Security Policy 6 £ Standards £ Organizational Security standards specify how hardware, and software products are to be...
View Full Document

This note was uploaded on 02/20/2011 for the course TECH 7350 taught by Professor Lee during the Spring '11 term at University of Arkansas for Medical Sciences.

Page1 / 7

unit_2_p4_tech_7350_c3 - TECH 7350 – Managing Information...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online