Information Security Management: Role of Management
TRANSCRIPT
-
8/3/2019 Information Security Management Role of Management
Barriers to Security
Organizational characteristics
Lack of structure
Business environment
Culture
Lack of Standard Operating Procedures
Lack of Education, Training, and Awareness
Lack of understanding/appreciation of technology
Lack of leadership from senior management
-
Management's Role in Information Security
Total/Perfect security is a myth
Critical Asset Identification
Initial Risk Assessment
Risk Assessment as a continuous process
Creating a security team
Initiate and actively participate in planning/design/documentation/testing of security policy
Initiate and actively participate in planning/design/documentation/testing of recovery/response policy
-
Management's Role in Information Security
Actively involved in establishing standard operating procedures
Developing and maintaining an appropriate organizational culture
Ensure employees are educated and trained regarding the importance of following security policy
Have an understanding of what each security tool proposed by the IT team can and cannot do
-
Management's Role in Information Security
Have a good control environment
Physical controls
Data/Content control
Implementation control (outsourcing)
Operations/Administrative control
Application controls specific to individual system components/applications (e.g., limiting e-mail attachments)
-
Management's Role in Information Security
Recognize that security is a socio-technical issue
Recognize that security requires an end-to-end view of business processes
Achieve a balanced approach to security, one that does not solely focus on technological solutions
Recognize that security rests on three cornerstones
-
Three Cornerstones: Technology
Have an understanding/appreciation of technology
Firewalls
IDS/IPS systems
Antivirus/Security Patches
Symmetric and public key cryptography towards confidentiality, authentication, integrity and non-repudiation
Secure servers
VPNs
Evaluation of potential technology acquisitions based on their impact on security
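The cryptography bullet above is the one item on this slide where the distinction matters for a manager reading a vendor proposal: symmetric cryptography (a shared key) can give confidentiality, integrity and authentication between the two key holders, but not non-repudiation, because either holder could have produced the message; only a public-key signature ties a message to a single private key. The following Go program is an added example, not part of the original slides; it uses only the Go standard library (AES-GCM, HMAC-SHA256 and Ed25519) with constructed sample messages to show which property each primitive does and does not deliver.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// randomKey returns n cryptographically random bytes; used for the shared
// AES and HMAC keys in this example.
func randomKey(n int) []byte {
	k := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		panic(err)
	}
	return k
}

// sealSymmetric encrypts with AES-256-GCM under a shared key. GCM provides
// confidentiality and integrity: the output is nonce || ciphertext || tag,
// and any modification is detected on open.
func sealSymmetric(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := randomKey(gcm.NonceSize()) // never reuse a nonce under one key
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openSymmetric reverses sealSymmetric; it returns an error if the data was
// altered or produced under a different key.
func openSymmetric(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("sealed message too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// macTag computes HMAC-SHA256: integrity and authentication between the two
// parties that hold the key. Because both hold the same key, a valid tag
// proves "one of us made this", never "the sender made this" (no non-repudiation).
func macTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// macVerify checks a tag in constant time.
func macVerify(key, msg, tag []byte) bool {
	return hmac.Equal(macTag(key, msg), tag)
}

// newSigner generates an Ed25519 key pair. The private key stays with one
// party; the public key can be handed to anyone who needs to verify.
func newSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// sign produces a signature only the private key holder could have made,
// which is what gives non-repudiation.
func sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// verify checks a signature against the signer's public key.
func verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	// Constructed sample message for the demonstration.
	order := []byte("approve wire transfer 1000")
	shared := randomKey(32)

	sealed, _ := sealSymmetric(shared, order)
	pt, err := openSymmetric(shared, sealed)
	fmt.Printf("AES-GCM: plaintext=%q err=%v\n", pt, err)
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag
	_, err = openSymmetric(shared, sealed)
	fmt.Printf("AES-GCM after tampering: err=%v\n", err)

	tag := macTag(shared, order)
	fmt.Println("HMAC verifies:", macVerify(shared, order, tag))
	// The receiver, holding the same key, can mint a valid tag for a message
	// the sender never sent, so a tag cannot settle a dispute about origin.
	forged := []byte("approve wire transfer 9000")
	fmt.Println("HMAC on receiver-forged message verifies:", macVerify(shared, forged, macTag(shared, forged)))

	pub, priv := newSigner()
	sig := sign(priv, order)
	_, otherPriv := newSigner()
	fmt.Println("Ed25519 verifies:", verify(pub, order, sig))
	fmt.Println("Ed25519 on altered message:", verify(pub, forged, sig))
	fmt.Println("Ed25519 signed by someone else:", verify(pub, order, sign(otherPriv, order)))
}
```

Run with `go run main.go`. The last three lines of output are the point for the slide: a signature verifies only for the original message and only under the signer's own public key, which is what lets a third party settle a dispute; the HMAC line before them shows that a shared-key tag cannot, because the other key holder can produce one just as easily.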
-
Three Cornerstones: Organization
Organizational characteristics typically under the control of the organization
Structure
Business environment
Culture
Policies and Responses
Standard Operating Procedures
Education, Training, and Awareness
-
Three Cornerstones: Critical Infrastructure
Infrastructure that is so vital that its damage or destruction would have a debilitating impact on the physical or economic security of the country
Telecommunications
Banking
Energy
-
What is Management's role?
Management ties everything together
[Diagram: Management at the centre, linked by Responsibility and Ownership to the three cornerstones: Technology, Infrastructure, Organization]
Security is a mindset, not a service. It must be a part of all decisions and implementations.