Lecture Professional Practices in IT: Lecture 29 - Saqib Iqbal

After studying this chapter you will be able to understand: The CIA; security governance; policies, procedures, etc.; organizational structures; roles and responsibilities; information classification; risk management.

Lecture 29: Information Security Overview
- The CIA
- Security Governance
- Policies, Procedures, etc.
- Organizational Structures
- Roles and Responsibilities
- Information Classification
- Risk Management

The CIA: Information Security Principles
- Confidentiality: Allowing only authorized subjects access to information
- Integrity: Allowing only authorized subjects to modify information
- Availability: Ensuring that information and resources are accessible when needed

Reverse CIA
- Confidentiality: Preventing unauthorized subjects from accessing information
- Integrity: Preventing unauthorized subjects from modifying information
- Availability: Preventing information and resources from being inaccessible when needed

Using the CIA
- Think in terms of the core information security principles
- How does this threat impact the CIA?
- What controls can be used to reduce the risk to CIA?
- If we increase confidentiality, will we decrease availability?
Security Governance
- Security Governance is the organizational processes and relationships for managing risk
- Policies, Procedures, Standards, Guidelines, Baselines
- Organizational Structures
- Roles and Responsibilities

Policy Mapping (diagram labels): Functional Policies; Procedures; Standards; Guidelines; Baselines; Laws, Regulations, Requirements, Organizational Goals, Objectives; General Organizational Policies

Policies
- Policies are statements of management intentions and goals
- Senior Management support and approval is vital to success
- General, high-level objectives
- Acceptable use, internet access, logging, information security, etc.

Procedures
- Procedures are detailed steps to perform a specific task
- Usually required by policy
- Decommissioning resources, adding user accounts, deleting user accounts, change management, etc.

Standards
- Standards specify the use of specific technologies in a uniform manner
- Requires uniformity throughout the organization
- Operating systems, applications, server tools, router configurations, etc.

Guidelines
- Guidelines are .