Presentation is loading. Please wait.

Presentation is loading. Please wait.

IS4550 Security Policies and Implementation

Published byΝικηφόρος Κοντολέων Modified over 5 years ago

Similar presentations

Presentation on theme: "IS4550 Security Policies and Implementation"— Presentation transcript:

1 IS4550 Security Policies and Implementation
Unit 1 Information Security Policy Management

2 Class Agenda 6/16/16 Introduction Course Syllabus. Learning Objectives
Lesson Presentation and Discussions. Discussion on Assignments. Discussion on Lab Activities. Break Times as per School Regulations.

3 Course Syllabus Introduction of Course Syllabus. Course Summary
Course Plan Evaluation Academic integrity Discussion and questions about syllabus.

4 Name: Williams Obinkyereh
Bachelor of Science in Statistics (BSc Stats) Master of Science in Information Technology (MSc IT) Post Masters of Advanced Studies in Software Engineering. Doctor of Computer Science (DCS) Ongoing Contacts:

5

6 Learning Objective Identify the role of an information systems security (ISS) policy framework in overcoming business challenges. Unit 1 cover Chapters 1, 2 and 3

7 Key Concepts ISS and information assurance in organizations
ISS policies and their importance in organizations Four information security controls Business drivers that create the need for ISS policy framework U.S. compliancy laws and industry standards

8 EXPLORE: CONCEPTS

9 Information system security and Business.
Business exist to make money or to provide some service. Business do not exist because of Security. Business are now faced with security attacks. Discussion. Why do business need security?

10 Information Security Controls
Policy Standards Procedures Guidelines Defines how an organization performs and conducts business functions and transactions with a desired outcome. An established method implemented organization-wide. Steps required to implement a process. A parameter within which a policy, standard, or procedure is suggested.

11 Why do organization need security policies?
Information system Security Information Assurance Information Governance Importance of Governance Importance of policies

12 Information Security Governance
Risk Assessment Security Policy Framework Compliance Information Assurance Information Security Governance

13 EXPLORE: PROCESS

14 Process for Creating a Policy Framework (Generic)
Business recognizes a need for a new policy to be developed. Purpose and mission for policy Responsibilities for enforcing policy Compliance issues covered by new policy Scope of policy coverage Collect documents relating to the new policy. Analyze existing policies for overlap and coverage. Develop case study relating to the new policy. Examine existing frameworks for policies that can be used. Implement new policy and add to policy change control board process.

15 EXPLORE: ROLES

16 Typical Large Public Organization
Chief Information Security Officer Security Manager Risk Manager Compliance Officer Information Assurance Auditor

17 EXPLORE: RATIONALE

18 Organizational Policy Development and Importance
Policy = Business Requirement on Actions or Processes Performed Frameworks Policy Standard Procedure Guideline Threats to Systems Controls on Systems

19 Summary In this presentation, the following were covered:
Four information security controls Components of information security governance Process for creating a policy framework Importance of security policy in an organization

20 Unit 1 Discussion and Assignments
Discussion 1.1 Importance of Security Policies( Group Discussion) Assignment 1.3 Security Policies Overcoming Business Challenges

21 Unit 1 Lab Activities Lab is in the lab manual on line Lab 1.2 Craft an Organization-Wide Security Management Policy for Acceptable Use Reading assignment: Read chapter 1, 2 and 3

22 Class Project Project Title Department of Defense DOD Audit This is a Team Project. You will create 3 teams. Deliverables or milestone drafts as specified in the project content will be submitted. Due on Week 11

Download ppt "IS4550 Security Policies and Implementation"

Similar presentations

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
Control and Accounting Information Systems

Control and Accounting Information Systems
Security Controls – What Works

Security Controls – What Works
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
Chapter 1: Introduction to Project Management

Chapter 1: Introduction to Project Management
BSBPMG404A Apply Quality Management Techniques Apply Quality Management Techniques Unit Guide C ertificate IV in Project Management 17871 Qualification.

BSBPMG404A Apply Quality Management Techniques Apply Quality Management Techniques Unit Guide C ertificate IV in Project Management Qualification.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Module N° 8 – SSP implementation plan. SSP – A structured approach Module 2 Basic safety management concepts Module 2 Basic safety management concepts.

Module N° 8 – SSP implementation plan. SSP – A structured approach Module 2 Basic safety management concepts Module 2 Basic safety management concepts.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.
IRM304 CDR Course Manager: Denny Involved Competency Leads: 26 (Cybersecurity)-Denman, 19 (Measurement)-Denny, 7 (DBS)-Corcoran [Capability Planning],

IRM304 CDR Course Manager: Denny Involved Competency Leads: 26 (Cybersecurity)-Denman, 19 (Measurement)-Denny, 7 (DBS)-Corcoran [Capability Planning],
Module 2: Creating a Plan for Network Security. Overview Introduction to Security Policies Designing Security by Using a Framework Creating a Security.

Module 2: Creating a Plan for Network Security. Overview Introduction to Security Policies Designing Security by Using a Framework Creating a Security.
Audit Planning Process

Audit Planning Process
Www.theiia.org IT Controls Global Technology Auditing Guide 1.

IT Controls Global Technology Auditing Guide 1.
Chapter 9: Introduction to Internal Control Systems

Chapter 9: Introduction to Internal Control Systems
Access Security IS3230.

Access Security IS3230.
FISSEA Conference 2004 Developing Role-based Learning Activities U.S. Department of State.

FISSEA Conference 2004 Developing Role-based Learning Activities U.S. Department of State.
Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.

Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.
Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.

Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.

Similar presentations

Ads by Google