Dr. Bhavani Thuraisingham Information Security and Risk Management June 5, 2015 Lecture #5 Summary of Chapter 3.


1 Dr. Bhavani Thuraisingham Information Security and Risk Management June 5, 2015 Lecture #5 Summary of Chapter 3

2 Outline (13-2, 3/10/2016 23:48)
- Security Management
- Security Administration and Supporting Controls
- Organizational Security Model
- Information Risk Management
- Risk Analysis
- Policies, Standards, Baselines, Guidelines, Procedures
- Information Classification
- Layers of Responsibility
- Security Awareness and Training

3 Security Management
- Security Management Responsibilities
- Top-Down approach to security

4 Security Administration and Supporting Controls
- Fundamental principles of security: CIA
- Security definitions: Threats, Vulnerabilities, Risk, Countermeasures/safeguard
- Security through obscurity

5 Organizational Security Model
- Security Program Components
- Security Frameworks
- Security Governance
- Security Program Development

6 Information Risk Management
- Who really understands risk management?
- Information Risk Management Policy
- The Risk Management Team

7 Risk Analysis
- Risk Analysis Team
- Risk Ownership
- The value of information and assets
- Costs that make up the value
- Identifying Threats
- Failure and Fault Analysis
- Quantitative Risk Analysis
- Qualitative Risk Analysis
- Protection Mechanisms

8 Policies, Standards, Baselines, Guidelines, Procedures
- Security Policy
- Standards
- Baselines
- Guidelines
- Procedures
- Implementation

9 Information Classification
- Private Business vs. Military Classification
- Classification Controls

10 Layers of Responsibility
- Board of Directors
- Executive Management
- Chief Information Officer
- Chief Security Officer
- IS Security Steering Committee
- Audit Committee
- Data Owner
- Data Custodian
- System Owner
- Security Administrator
- Security Analyst
- Application Owner
- Supervisor
- Change Control Analyst
- Data Analyst
- Process Owner
- Solution Provider
- User
- Product Line Manager
- Auditor
- Other: HR, Hiring Practices, Termination

11 Security Awareness and Training
- Different Types of Security Awareness and Training
- Evaluating the Program
- Specialized Security Training

