Chapter 5

Principles of Information Security, 3rd Edition

Learning Objectives

Upon completion of this material, you should be able to:

- Define management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines.
- Describe what an information security blueprint is, what its major components are, and how it is used to support the information security program.
Learning Objectives (continued)

- Discuss how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs.
- Explain what contingency planning is and how incident response planning, disaster recovery planning, and business continuity plans are related to contingency planning.

Introduction

- Creation of information security program begins with creation and/or review of organization’s information security policies, standards, and practices
- Then, selection or creation of information security architecture and the development and use of a detailed information security blueprint creates plan for future success
- Without policy, blueprints, and planning, organization is unable to meet information security needs of various communities of interest
Information Security Policy, Standards and Practices

- Communities of interest must consider policies as basis for all information security efforts
- Policies direct how issues should be addressed and technologies used
- Security policies are least expensive controls to execute but most difficult to implement properly
- Shaping policy is difficult

Definitions

- Policy: course of action used by organization to convey instructions from management to those who perform duties
- Policies are organizational laws
- Standards: more detailed statements of what must be done to comply with policy
- Practices, procedures and guidelines effectively explain how to comply with policy
- For a policy to be effective, must be properly disseminated, read, understood, agreed to by all members of organization and uniformly enforced

Enterprise Information Security Policy (EISP)

- Sets strategic direction, scope, and tone for all security efforts within the organization
- Executive-level document, usually drafted by or with CIO of the organization
- Typically addresses compliance in two areas
  - Ensure meeting requirements to establish program and responsibilities assigned therein to various organizational components
  - Use of specified penalties and disciplinary action
Issue-Specific Security Policy (ISSP)

The ISSP:

- Addresses specific areas of technology