Pfleeger cp 2015 security in computing 5th edition


Additional Reading

  • Pfleeger C.P., 2015, Security in Computing, 5th Edition, Prentice-Hall.
  • Eloff, M. M. and S. H. v. Solms, 2000, "Information Security Management: a hierarchical framework for various approaches." Computers & Security March 2000 19(3): 243-256.
  • A. Blyth and G.L. Kovacich, Information Assurance, Springer Verlag, 2001, ISBN 1-85233-326-X.
  • D. Denning and P.J. Denning, Internet Besieged: Countering Cyberspace Scofflaws, Addison Wesley, 1998, ISBN 0-201-30820-7.
  • R.C. Summers, Secure Computing: Threats and Safeguards, McGraw-Hill, 1997, ISBN 0-07-069419-2.
  • Taylor, P. M. (2002). "Perception Management and the War Against Terrorism." Journal of Information Warfare 1(3): 16-29.
  • Jones, A. and G. L. Kovacich (2001). "What InfoSec professionals should know about information warfare tactics by terrorists." Computers & Security January 2001 21(1): 35-41.

Security in Small Organizations

  • 10-100 computers
  • Have simple, centralised IT organisational model
  • Spend disproportionately more on security
  • Information security in small org is often responsibility of a single security administrator
  • Such organizations frequently have little in the way of formal policy, planning, or security measures
  • Commonly outsource their Web presence or electronic commerce operations
  • Security training and awareness is commonly conducted on a 1-on-1 basis
  • Policies are often issue-specific
  • Formal planning is often part of IT planning
  • Threats from insiders are less likely in an environment where every employee knows every other employee

Security in Medium-Sized Organizations

  • 100-1,000 computers
  • Have small total budget
  • Have same sized security staff as small org, but larger need
  • Must rely on help from IT staff for plans and practices
  • Ability to set policy, handle incidents in regular manner and effectively allocate resources is, overall, worse than any other size
  • May be large enough to implement multi-tiered approach to security with fewer dedicated groups and more functions assigned to each group
  • Medium-sized organizations tend to ignore some security functions

Security in Large Organizations

  • Information security departments in large organizations tend to form and re-form internal groups to meet long-term challenges even as they handle day-to-day security operations
  • Functions are likely to be split into groups
  • In contrast, smaller organizations typically create fewer groups, perhaps only having one general group of specialists

Responsibilities

  • CISO's responsibility to see that information security functions are adequately performed somewhere within the organization
  • Deployment of full-time security personnel depends on a number of factors, including sensitivity of information to be protected, industry regulations and general profitability
  • The more money a company can dedicate to its personnel budget, the more likely it is to maintain a large information security staff

Security in Large Organizations

  • With 1,000 to 10,000 computers
  • Mature approach to security, integrating planning and policy into organisation's culture
