
IS Security Policies and Strategies Dr Gurpreet Dhillon Virginia Commonwealth University.


1 IS Security Policies and Strategies Dr Gurpreet Dhillon Virginia Commonwealth University

2 Understanding security risks
[Diagram labels: Business improvement needed; IT-enabled improvement; Business change; Benefits management; Risk management; Positive outcomes; Negative outcomes]

3 The systems lifecycle
[Lifecycle diagram: Plan, Design, Implement, Evaluate]

4 Planning for IS security
[Lifecycle diagram: Plan, Design, Implement, Evaluate]
1. A well-conceived corporate plan establishes a basis for developing a security vision
2. A secure organization lays emphasis on the quality of its operations
3. A security policy denotes specific responses to specific recurring situations and hence cannot be considered a top-level document
4. Information systems security planning is of significance only if there is a concurrent security evaluation procedure

5 Planning for IS security

6 IS security planning process

7 Designing IS security
[Lifecycle diagram: Plan, Design, Implement, Evaluate]
1. The adherence to a specific security design ideal determines the overall security of a system
2. Good security design will lay more emphasis on ‘correctness’ during system specification
3. A secure design should not impose any particular controls, but choose appropriate ones based on the real setting

8 Implementing IS security
[Lifecycle diagram: Plan, Design, Implement, Evaluate]
1. Successful implementation of security measures can be brought about if analysts consider the informal organization before the formal one
2. Implementation of security measures should take a ‘situational, issue-centered’ approach
3. To facilitate successful implementation of security controls, organizations need to share and develop expertise and commitment between the ‘experts’ and managers

9 Evaluating IS security
[Lifecycle diagram: Plan, Design, Implement, Evaluate]
1. Security evaluation can only be carried out if the nature of an organization is understood
2. The level of security cannot be quantified and measured; it can only be interpreted
3. Security evaluation cannot be based on the expert viewpoint of any one individual; rather, an analysis of all stakeholders should be carried out

10 Risks in the systems life cycle
[Diagram labels: Outcome risks; Operational risks; Process risks]

11 Risk management: classification
[Grid annotations: Inherent risks; Planning needed; Can be assessed and predicted]
    Strategic:        Outcome: high   Operational: low    Process: low
    High Potential:   What risk?
    Key Operational:  Outcome: low    Operational: high   Process: medium
    Support:          Outcome: low    Operational: low    Process: high

12 Typical concerns
Strategic / High Potential (Outcome risks; Opportunity & financial risks?):
    Lack of strategic framework: poor business understanding
    Conflicts of strategy and problems of coordination
    IT supplier problems
    Poor management of change
    Senior management not involved
    Large and complex projects; too many stakeholders
    Rigid methodology and strict budgetary controls
Key Operational / Support (Operational risks; Process-based risks):
    Too much faith in the ‘technical fix’
    Use of technology for its novelty value
    Poor technical skills in the development team
    Inexperienced staff
    Large and complex projects; too many stakeholders
    Poor testing procedures
    Poor implementation
    Lack of technical standards

13 Risk management: core strategies
[Grid: quadrants Strategic, High Potential, Key Operational, Support; core strategies, in the same order: CONFIGURE, COMMUNICATE, CONTROL, CONSTRAIN]

14 Risk management: directions - 1
[Grid: Strategic and High Potential (Business and corporate risks; Opportunity & financial risks); Key Operational and Support (Operational risks; Process-based risks)]
    Controllable, predictable:     No problem - carry out plans
    Controllable, unpredictable:   Practice quick response to manage events as they unfold
    Uncontrollable, predictable:   Emphasize forecasting and thus “steer around” these events
    Uncontrollable, unpredictable: Develop a contingency planning system

15 Risk management: directions - 2
[Grid: Strategic and High Potential (Business and corporate risks; Opportunity & financial risks); Key Operational and Support (Operational risks; Process-based risks)]
[Context-oriented risk assessment diagram, labels: History; Context (external); Context (internal); Business processes; Content; Risk; Outcomes]

16 Security management: the way forward
[Grid: Strategic and High Potential (Outcome risks; Opportunity & financial risks?); Key Operational and Support (Operational risks; Process-based risks); overall label: The organizational context]

