IS4550 Security Policies and Implementation


IS4550 Security Policies and Implementation Unit 1 Information Security Policy Management

Class Agenda 6/16/16
- Introduction
- Course Syllabus
- Learning Objectives
- Lesson Presentation and Discussions
- Discussion on Assignments
- Discussion on Lab Activities
- Break Times as per School Regulations

Course Syllabus
- Introduction of Course Syllabus
- Course Summary
- Course Plan
- Evaluation
- Academic integrity
- Discussion and questions about syllabus

Name: Williams Obinkyereh
- Bachelor of Science in Statistics (BSc Stats)
- Master of Science in Information Technology (MSc IT)
- Post Masters of Advanced Studies in Software Engineering
- Doctor of Computer Science (DCS), ongoing
Contacts: Email: WObinkyereh@itt-tech.edu

Learning Objective: Identify the role of an information systems security (ISS) policy framework in overcoming business challenges. Unit 1 covers Chapters 1, 2 and 3.

Key Concepts
- ISS and information assurance in organizations
- ISS policies and their importance in organizations
- Four information security controls
- Business drivers that create the need for an ISS policy framework
- U.S. compliance laws and industry standards

EXPLORE: CONCEPTS

Information System Security and Business
- Businesses exist to make money or to provide some service.
- Businesses do not exist because of security.
- Businesses are now faced with security attacks.
- Discussion: Why do businesses need security?

Information Security Controls
- Policy: Defines how an organization performs and conducts business functions and transactions with a desired outcome.
- Standards: An established method implemented organization-wide.
- Procedures: Steps required to implement a process.
- Guidelines: A parameter within which a policy, standard, or procedure is suggested.

Why do organizations need security policies?
- Information system security
- Information assurance
- Information governance
- Importance of governance
- Importance of policies

Information Security Governance (diagram)
- Risk Assessment
- Security Policy Framework
- Compliance
- Information Assurance

EXPLORE: PROCESS

Process for Creating a Policy Framework (Generic)
- Business recognizes a need for a new policy to be developed.
- Purpose and mission for policy
- Responsibilities for enforcing policy
- Compliance issues covered by new policy
- Scope of policy coverage
- Collect documents relating to the new policy.
- Analyze existing policies for overlap and coverage.
- Develop case study relating to the new policy.
- Examine existing frameworks for policies that can be used.
- Implement new policy and add to policy change control board process.

EXPLORE: ROLES

Typical Large Public Organization
- Chief Information Security Officer
- Security Manager
- Risk Manager
- Compliance Officer
- Information Assurance Auditor

EXPLORE: RATIONALE

Organizational Policy Development and Importance
- Policy = Business Requirement on Actions or Processes Performed
- Frameworks: Policy, Standard, Procedure, Guideline
- Threats to Systems
- Controls on Systems

Summary
In this presentation, the following were covered:
- Four information security controls
- Components of information security governance
- Process for creating a policy framework
- Importance of security policy in an organization

Unit 1 Discussion and Assignments
- Discussion 1.1: Importance of Security Policies (Group Discussion)
- Assignment 1.3: Security Policies Overcoming Business Challenges

Unit 1 Lab Activities
- The lab is in the online lab manual.
- Lab 1.2: Craft an Organization-Wide Security Management Policy for Acceptable Use
- Reading assignment: Read Chapters 1, 2 and 3.

Class Project
- Project Title: Department of Defense (DoD) Audit
- This is a team project. You will create 3 teams.
- Deliverables or milestone drafts as specified in the project content will be submitted.
- Due in Week 11.