chapter06 - Management of Information Security 6-1 Chapter...

Management of Information Security

Chapter 6: Security Management Models and Practices

Chapter Overview

In this chapter, readers will learn the components of the dominant information security management models, including U.S. government-sanctioned models, and how to customize them for a specific organization’s needs. This knowledge will be extended as readers learn how to implement the fundamental elements of key information security management practices and gain an understanding of emerging trends in the certification and accreditation of U.S. federal IT systems.

Chapter Objectives

When you complete this chapter, you will be able to:

- Select from the dominant information security management models, including U.S. government-sanctioned models, and customize them for your organization’s needs
- Implement the fundamental elements of key information security management practices
- Follow emerging trends in the certification and accreditation of U.S. federal IT systems

Set-up Notes

This chapter could be completed in a single class session, if there is sufficient time to cover the material. Unless the students have not had the opportunity to read the material in advance (in some settings, the textbooks are not made available until the first class meeting), it may be prudent to have a general discussion of the topic, with detailed lecture to follow at the next class meeting. The subject matter can be covered in 1.25 to 2.5 hours.
Lecture Notes and Teaching Tips with Quick Quizzes

Introduction

To create or maintain a secure environment, one must design a working security plan and then implement a management model to execute and maintain the plan. This may begin with the creation or validation of a security framework, followed by an information security blueprint that describes existing controls and identifies other necessary security controls. A framework is the outline of the more thorough blueprint, which is the basis for the design, selection, and implementation of all subsequent security controls.

To design a security blueprint, most organizations draw from established security models and practices.

Security Management Models

A security model is a generic blueprint offered by a service organization. One way to create the blueprint is to look at what other organizations have done (benchmarking). One way to select a methodology is to adapt or adopt an existing security management model or set of practices.

BS 7799 Part 1

One of the most widely referenced and often discussed security models is Information Technology – Code of Practice for Information Security Management, which was originally published as British Standard BS 7799. The purpose of ISO/IEC 17799 is to “give recommendations for information security