IS4550 Security Policies and Implementation Unit 2 Risk Mitigation and Business Support Processes
Class Agenda 6/23/16 Lesson Covers Chapter 4 and 5 Learning Objectives 12/6/2018 Lesson Presentation and Discussions. Discussion on Assignments. Discussion on Lab Activities. Break Times as per School Regulations. Try to read the textbook before class. (c) ITT Educational Services, Inc.
Learning Objective Analyze how security policies help mitigate risks and support business processes in various domains in the information technology (IT) infrastructure.
Key Concepts: Business challenges in each IT domain; Risk mitigation in seven IT domains; Organizational hurdles to policy implementation; Policy implementation issues related to humans in the workplace; Executive management
EXPLORE: CONCEPTS
Seven Domains of a Typical IT Infrastructure
Risk Mitigation and the Role of Security Policies Each of the seven IT domains has different types of risks associated with it, and policy creation seeks to reduce or mitigate these risks. Each policy created for the seven IT domains must address as many risks in that domain as possible.
Student check and Discuss sample of Security Policies Security policies template http://www.sans.org/security-resources/policies/
Relevance of Executive Management Support: Data supporting policy implementation aligned with business objectives; Business objectives identified align with compliance laws or regulations required to conduct business; Security Policy implementation can expect executive management support
Lack of Executive Management Support: Data supporting policy implementation not aligned with business objectives; Business objectives identified do not align with compliance laws or regulations required to conduct business, or are unclear and have insufficient support from leadership; Security Policy implementation can expect to fail without executive management support
EXPLORE: PROCESS
Policy Implementation Steps Build Support for Policy Implement Security Policy Transition From Informal to Formal Implementation Tasks Informal Discussions Formal Implementation Project. Step One: Create Urgency; Step Two: Form a Powerful Coalition; Step Three: Create a Vision for Change; Step Four: Communicate the Vision; Step Five: Remove Obstacles; Step Six: Create Short-Term Wins; Step Seven: Build on the Change; Step Eight: Anchor the Changes in Corporate Culture. Adapted from “Kotter’s Eight-Step Change Model.”
Policy Implementation Issues Each organization has many different types of personal traits, each affecting the organization in its attempt to implement a policy in the workplace.
Summary In this presentation, the following were covered: Seven domains of a typical IT infrastructure; Importance of executive management support to implement security policy; Policy implementation steps; Policy implementation issues related to humans in the workplace
Unit 2 Discussion and Assignments: Unit 2 Discussion 1: Risk Mitigation; Unit 2 Assignment 1: Good Policy Implementation
Unit 2 Lab Activities: The lab is in the lab manual online. Lab 2.2: Develop an Organization-Wide Policy Framework Implementation Plan. Reading assignment: Read Chapters 4 and 5.
Class Project Project Title: Department of Defense (DOD) Audit. This is a Team Project. You will create 3 teams. Deliverables or milestone drafts as specified in the project content will be submitted. Due on Week 11.