Outline Chapter 5 & 6 - Outline Chapter 5...

Outline Chapter 5

INTRODUCTION: The creation of an information security program begins with the creation or review of the organization’s information security policies, standards, and practices, followed by the selection or creation of information security architecture and a detailed information security blueprint.

POLICY: A plan or course of action used to convey instructions from an organization’s senior-most management to those who make decisions, take actions, and perform other duties.

STANDARDS: On the other hand, standards are more detailed statements of what must be done to comply with policy. They have the same requirement for compliance as policies.

MISSION: The mission of an organization is a written statement of an organization’s purpose.

VISION: The vision of an organization is a written statement about the organization’s goals. Where will the organization be in five years? In ten?

STRATEGIC PLANNING: The process of moving the organization toward its vision.

SECURITY POLICY: The meaning of the term security policy depends on the context in which it is used. In general, security policy is a set of rules that protect an organization’s assets. A security policy can also represent a credit card agency’s method for processing credit card numbers.

INFORMATION SECURITY POLICY: Provides rules for the protection of the information assets of the organization.

STANDARD and TECHNOLOGY SPECIAL PUBLICATION: Management must define three types of security policy:
1. Enterprise information security policies
2. Issue-specific security policies
3. System-specific security policies

THREE TYPES OF SECURITY POLICY:
1. Enterprise information security policies
2. Issue-specific security policies
3. Systems-specific security policies

CRITERIA FOR POLICY TO BE EFFECTIVE:
1. Dissemination (distribution)
2. Review (reading)
3. Comprehension (understanding)
4. Compliance (agreement)
5. Uniform enforcement

ENTERPRISE INFORMATION SECURITY POLICY (EISP): Also known as a general security policy, organizational security policy, IT security policy, or information security policy. The EISP is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.

ISSUE-SPECIFIC SECURITY POLICY (ISSP): An ISSP 1) addresses specific areas of technology, 2) requires frequent updates, and 3) contains a statement on the organization’s position on a specific issue. Three of the most common approaches are to create the following types of ISSP documents:
1. Independent ISSP documents, each tailored to a specific issue
2. A single comprehensive ISSP document covering all issues
3. A modular ISSP document that unifies policy creation and administration, while maintaining each specific issue’s requirements