Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. Bhavani Thuraisingham Information Security and Risk Management June 5, 2015 Lecture #5 Summary of Chapter 3.

Published byMervin Gardner Modified over 8 years ago

Similar presentations

Presentation on theme: "Dr. Bhavani Thuraisingham Information Security and Risk Management June 5, 2015 Lecture #5 Summary of Chapter 3."— Presentation transcript:

1 Dr. Bhavani Thuraisingham Information Security and Risk Management June 5, 2015 Lecture #5 Summary of Chapter 3

2 13-2 3/10/2016 23:48 Outline 0 Security Management 0 Security Administration and Supporting Controls 0 Organizational Security Model 0 Information Risk Management 0 Risk Analysis 0 Policies, Standards, Baselines, Guidelines, Procedures 0 Information Classification 0 Layers of Responsibility 0 Security Awareness and Training

3 13-3 3/10/2016 23:48 Security Management 0 Security Management Responsibilities 0 Top-Down approach to security

4 13-4 3/10/2016 23:48 Security Administration and Supporting Controls 0 Fundamental principles of security -CIA 0 Security definitions -Threats, Vulnerabilities, Risk, Countermeasures/safeguard 0 Security through obscurity

5 13-5 3/10/2016 23:48 Organizational Security Model 0 Security Program Components 0 Security Frameworks 0 Security Governance 0 Security Program Development

6 13-6 3/10/2016 23:48 Information Risk Management 0 Who really understands risk management? 0 Information Risk Management Policy 0 The Risk Management Team

7 13-7 3/10/2016 23:48 Risk Analysis 0 Risk Analysis Team 0 Risk Ownership 0 The value of information and assets 0 Costs that make up the value 0 Identifying Threats 0 Failure and Fault Analysis 0 Quantitative Risk Analysis 0 Qualitative Risk Analysis 0 Protection Mechanisms

8 13-8 3/10/2016 23:48 Policies, Standards, Baselines, Guidelines, Procedures 0 Security Policy 0 Standards 0 Baselines 0 Guidelines 0 Procedures 0 Implementation

9 13-9 3/10/2016 23:48 Information Classification 0 Private Business vs. Military Classification 0 Classification Controls

10 13-10 3/10/2016 23:48 Layers of Responsibility 0 Board of Directors 0 Executive Management 0 Chief Information Officer 0 Chief Security Officer 0 IS Security Steering Committee 0 Audit Committee 0 Data Owner 0 Data Custodian 0 System Owner 0 Security Administrator 0 Security Analyst 0 Application Owner 0 Supervisor 0 Change Control Analyst 0 Data Analyst 0 Process Owner 0 Solution Provider 0 User 0 Product Line Manager 0 Auditor 0 Other: HR, Hiring Practices, Termination

11 13-11 3/10/2016 23:48 Security Awareness and Training 0 Different Types of Security Awareness and Training 0 Evaluating the Program 0 Specialized Security Training

Download ppt "Dr. Bhavani Thuraisingham Information Security and Risk Management June 5, 2015 Lecture #5 Summary of Chapter 3."

Similar presentations

PhoenixPro Procurement. technology. contracts. projects.

PhoenixPro Procurement. technology. contracts. projects.
Security and Personnel

Security and Personnel
Security Controls – What Works

Security Controls – What Works
ISA 562 Summer 2008 1 Information Security Management CISSP Topic 1 ISA 562 Internet Security Theory and Practice.

ISA 562 Summer Information Security Management CISSP Topic 1 ISA 562 Internet Security Theory and Practice.
Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.

Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.
Information Security Policies and Standards

Information Security Policies and Standards
Security Management Practices Keith A. Watson, CISSP CERIAS.

Security Management Practices Keith A. Watson, CISSP CERIAS.
Unit # 3: Information Security and Risk Management

Unit # 3: Information Security and Risk Management
Introduction to Information Security

Introduction to Information Security
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.

Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.
Managing Risk in Information Systems Strategies for Mitigating Risk

Managing Risk in Information Systems Strategies for Mitigating Risk
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Chapter 11.  The board is ultimately responsible for risk management  Oversee strategic risks, operational risks, and financial risks  Many federal.

Chapter 11.  The board is ultimately responsible for risk management  Oversee strategic risks, operational risks, and financial risks  Many federal.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
Information Technology Audit

Information Technology Audit
Peer Information Security Policies: A Sampling Summer 2015.

Peer Information Security Policies: A Sampling Summer 2015.
AUDITING INFORMATION SYSTEMS SECURITY. AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES.

AUDITING INFORMATION SYSTEMS SECURITY. AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Auditing Information Systems (AIS)

Auditing Information Systems (AIS)

Similar presentations

Ads by Google