Information Security IBK3IBV01 College 3 Paul J. Cornelisse.
Organization of Information Security
The Internal Information Security Organization
• To protect their information assets, public and private organizations need to consider how best to manage their information security efforts
To ensure comprehensive protection for all the organization’s information, the approach should address information security comprehensively, organization-wide
• An enterprise-wide approach also facilitates management oversight and coordination of information security efforts
• The design of the information security management framework should ensure it is properly tuned to the operational needs of the organization, which should primarily focus on the management of risks to its information assets
• The design of the information security function must provide a management framework
• The framework permits:
• effective initiation
• implementation
• and control
of information security activities within the organization
This includes:
• Planning
• Coordination
• Management
of major information security projects, as well as:
• Monitoring
• Measuring
• Tracking
• As well as overseeing the implementation of all aspects of the organization’s information security program
To have the requisite level of authority, the information security function must:
• be led by a member of the organization’s management staff
• be positioned in the organizational management structure where the visibility of information security can be ensured
• Today, leadership of the information security organization resides at the executive level in most large organizations.
• The position is that of the Chief Information Security Officer (CISO)
• The process of organizing information security must address factors such as:
• its mission
• its composition
• its placement within the organizational structure
• its authority towards other elements of the organization
• its responsibilities
• the functions it must perform
• its lines of communication and coordination
• Based on knowledge of the current state of the organization’s information security posture, as well as the future state, organizations must then perform a gap analysis to identify unmet requirements, and a path forward for meeting them
• The organization should clearly define the boundaries of the information security function to address interfaces with other internal elements that perform security-related functions
These may include:
• information technology operations
• personnel security function
• privacy staff
• the physical security office
Relationships should be documented in coordinated operational agreements:
• charters
• concepts of operations (CONOPs)
• procedures, etc.
Management Support
• Management must also recognize its own responsibility for information security by communicating this fact in both written and oral form
It is within management’s purview to ensure that the goals for the security of organization information are:
• established through strategic and tactical planning
• maintained, emphasized, and measured
• Management must act to ensure the organization has a mechanism for creating an information security policy that facilitates goal achievement
Management must ensure:
• the approved information security policy is properly implemented
and consequently must take action to:
• ensure that it has a mechanism for monitoring implementation activities for effectiveness
Organizational management must render appropriate direction and support for initiatives relating to its information security program
Such initiatives include:
• awareness campaign
• rollout of a new security strategy
• introduction of a new security process or solution
Through such efforts, management can promote and foster a culture of security
The security of organization information requires a multidisciplinary approach involving:
• all organizational elements
• personnel
• engage expertise available within the organization, to include:
• the general counsel
• public affairs
• facility security and engineering
• personnel security
• union management
• human resources
• training
• contracting
• finance
• internal audit
• information technology operations
• system development
• capital planning
• insurance
• enterprise architecture
• privacy
• and records management
The objective of cross-organization coordination should be collaboration and cooperation.
• Contact with Authorities
• Contact with Special Interest Groups
• Management Authorization
• Confidentiality Agreements
• External Parties
• Assessment of External Risks
Next week: Cryptology