1 Managing the Security Function, Chapter 11

2 Figure 11-1: Organizational Issues
Top Management Support
- Top-management security awareness briefing (emphasis on brief)
- Corporate security policy statement: vision, not details
- Follow-through when security must be upheld in conflicts
- Business champions to give support and business advice

3 Figure 11-1: Organizational Issues
Should You Place Security Within IT?
- Pros
  - Compatible technical skills
  - Making the CIO responsible for security breaches gives accountability
- Cons
  - Difficult to blow the whistle on the IT staff
  - Vendor preference differences with networking staff (e.g., Cisco vs. Check Point)

4 Figure 11-1: Organizational Issues
Should You Place Security Within IT?
- Locating security outside IT
  - Can blow the whistle on IT actions
  - If security is a staff group, it can only give advice

5 Figure 11-1: Organizational Issues
Security and Auditing
- IT auditing has the skills to determine whether IT rules are enforced, but IT auditing does not set policy
- Internal auditing also can audit IT-related procedures, but it does not make policy

6 Figure 11-1: Organizational Issues
Managed Security Service Providers (Figure 11-2)
- On-site logging, off-site analysis
- Practice-based expertise
  - They get plenty of experience on a daily basis, like fire departments
- Separation of responsibilities: can blow the whistle on IT, even the CIO

7 Figure 11-1: Organizational Issues
Managed Security Service Providers (Figure 11-2)
- What to outsource?
  - Typically, intrusion detection and vulnerability assessment
  - Rarely policy and other control practices
  - Not commonly antivirus protection and other aspects of security, but MSSPs are expanding

8 Figure 11-1: Organizational Issues
Managed Security Service Providers (Figure 11-2)
- Evaluating the MSSP
  - Diligence: is it really reading the logs? (Contracts often are vague)
  - Skills and background of testers

9 Figure 11-1: Organizational Issues
Security and Business Staffs
- Cannot just lob policies over the wall
Security and Business Partners
- Your business partner's security affects you
Uniformed Security Personnel
- They are often called first by suspicious users
- They support investigations

10 Figure 11-1: Organizational Issues
Staffing and Training
- Hiring staff: expertise
- Training is necessary because few people on the market are security experts
- Certifications are good but vary in what they require and do not make up for lack of experience
- Background checks should be done on the security staff

11 Figure 11-1: Organizational Issues
Staffing and Training
- All workers involved in IT should have background checks, including the maintenance staff, consultants, and contractors
- Should you hire a hacker?
  - They are likely to have the knowledge you need
  - But would you be afraid to fire or lay off one?

12 Figure 11-2: Managed Security Service Provider (MSSP)
[Figure: elements shown are the Firm, the MSSP, a Logging Server, a Log File, and the Security Manager, with these labelled steps.]
2. Encrypted & compressed log data
3. Analysis
4. Small number of alerts
5. Vulnerability test
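The Figure 11-2 flow as an added example in Python, not code from the slides: the firm's logging server packages a batch (step 2), the MSSP analyses it (step 3) and returns a small number of alerts (step 4), plus a canary check that answers slide 8's "is it really reading the logs?" question operationally. The key, the log lines and the alert rule are constructed for the example, and confidentiality in transit is assumed to come from the transport (e.g. TLS) rather than being modelled here.

```python
import hashlib, hmac, zlib
from collections import Counter

# Assumption: a key pre-shared with the MSSP; constructed for this example.
SHARED_KEY = b"constructed-demo-key"

# Constructed syslog-style lines standing in for the firm's log file.
SAMPLE_LOGS = [
    "host1 sshd: Failed password for admin from 203.0.113.9",
    "host1 sshd: Failed password for root from 203.0.113.9",
    "host1 sshd: Failed password for admin from 203.0.113.9",
    "host3 sshd: Failed password for guest from 198.51.100.7",
    "host2 sshd: Accepted publickey for deploy from 192.0.2.20",
]

def package_logs(lines, key=SHARED_KEY):
    """Firm side (step 2): compress the batch and attach an HMAC so the
    MSSP can detect a batch altered in transit (encryption left to TLS)."""
    payload = zlib.compress("\n".join(lines).encode())
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}

def verify_batch(package, key=SHARED_KEY):
    """MSSP side: constant-time check that the batch is intact."""
    expected = hmac.new(key, package["payload"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, package["tag"])

def analyse(package, key=SHARED_KEY, threshold=3):
    """MSSP side (step 3): inflate the batch and reduce many lines to a few
    alerts (step 4). Rule: threshold or more failed logins from one source."""
    if not verify_batch(package, key):
        raise ValueError("log batch failed integrity check")
    lines = zlib.decompress(package["payload"]).decode().splitlines()
    failures, alerts = Counter(), []
    for line in lines:
        if "MSSP-CANARY" in line:
            alerts.append(("canary", line))
        elif "Failed password" in line:
            failures[line.rsplit("from ", 1)[1]] += 1
    for src, count in failures.items():
        if count >= threshold:
            alerts.append(("brute-force", f"{count} failed logins from {src}"))
    return alerts

def diligence_check(lines):
    """Security-manager side: seed a synthetic canary event into a real batch
    and confirm it comes back as an alert, which a vague contract cannot do."""
    canary = "host1 app: MSSP-CANARY synthetic test event"
    alerts = analyse(package_logs(lines + [canary]))
    return any(kind == "canary" for kind, _ in alerts)
```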