Published by Mervin Gardner. Modified over 8 years ago.
Dr. Bhavani Thuraisingham
Information Security and Risk Management
June 5, 2015
Lecture #5
Summary of Chapter 3
13-2 3/10/2016 23:48

Outline
- Security Management
- Security Administration and Supporting Controls
- Organizational Security Model
- Information Risk Management
- Risk Analysis
- Policies, Standards, Baselines, Guidelines, Procedures
- Information Classification
- Layers of Responsibility
- Security Awareness and Training
Security Management
- Security Management Responsibilities
- Top-Down approach to security
Security Administration and Supporting Controls
- Fundamental principles of security: CIA
- Security definitions: Threats, Vulnerabilities, Risk, Countermeasures/safeguard
- Security through obscurity
Organizational Security Model
- Security Program Components
- Security Frameworks
- Security Governance
- Security Program Development
Information Risk Management
- Who really understands risk management?
- Information Risk Management Policy
- The Risk Management Team
Risk Analysis
- Risk Analysis Team
- Risk Ownership
- The value of information and assets
- Costs that make up the value
- Identifying Threats
- Failure and Fault Analysis
- Quantitative Risk Analysis
- Qualitative Risk Analysis
- Protection Mechanisms
Policies, Standards, Baselines, Guidelines, Procedures
- Security Policy
- Standards
- Baselines
- Guidelines
- Procedures
- Implementation
Information Classification
- Private Business vs. Military Classification
- Classification Controls
Layers of Responsibility
- Board of Directors
- Executive Management
- Chief Information Officer
- Chief Security Officer
- IS Security Steering Committee
- Audit Committee
- Data Owner
- Data Custodian
- System Owner
- Security Administrator
- Security Analyst
- Application Owner
- Supervisor
- Change Control Analyst
- Data Analyst
- Process Owner
- Solution Provider
- User
- Product Line Manager
- Auditor
- Other: HR, Hiring Practices, Termination
Security Awareness and Training
- Different Types of Security Awareness and Training
- Evaluating the Program
- Specialized Security Training