Upload File

lecture 30 information security (cont’d). overview organizational structures roles and...

  • Home
  • Documents
  • Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2
15
Lecture 30 Information Security (Cont’d)

Upload: alice-gaines

Post on 25-Dec-2015

218 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Lecture 30Information Security (Cont’d)

Page 2: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Overview

• Organizational Structures

• Roles and Responsibilities

• Information Classification

• Risk Management

2

Page 3: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Organizational Structure

• Organization of and official responsibilities for security vary– BoD, CEO, BoD Committee– Director, Manager

• IT/IS Security• Audit

3

Page 4: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Typical Org Chart

4

Board of Directors/Trustees President

CIO

Security Director

ProjectSecurity Architect

EnterpriseSecurity Architect

Security Analyst System Auditor

Page 5: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Security-Oriented Org Chart

5

Board of Directors/Trustees President

CIO

Security Director

ProjectSecurity Architect

EnterpriseSecurity Architect

Security AnalystSystem Auditor

IT Audit Manager

Page 6: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Further Separation

6

Audit Committee

Board of Directors/Trustees President

CIO

Security Director

ProjectSecurity Architect

EnterpriseSecurity Architect

Security AnalystSystem Auditor

IT Audit Manager

Internal Audit

Page 7: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Organizational Structure

• Audit should be separate from implementation and operations– Independence is not compromised

• Responsibilities for security should be defined in job descriptions

• Senior management has ultimate responsibility for security

• Security officers/managers have functional responsibility

7

Page 8: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Roles and Responsibilities

• Best Practices:– Least Privilege– Mandatory Vacations– Job Rotation– Separation of Duties

8

Page 9: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Roles and Responsibilities

• Owners– Determine security requirements

• Custodians– Manage security based on requirements

• Users– Access as allowed by security requirements

9

Page 10: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Information Classification

• Not all information has the same value

• Need to evaluate value based on CIA• Value determines protection level• Protection levels determine procedures• Labeling informs users on handling

10

Page 11: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Information Classification

• Government classifications:– Top Secret– Secret– Confidential– Sensitive but Unclassified– Unclassified

11

Page 12: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Information Classification

• Private Sector classifications:– Confidential– Private– Sensitive– Public

12

Page 13: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Information Classification

• Criteria:– Value– Age– Useful Life– Personal Association

13

Page 14: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Risk Management

• Risk Management is identifying, evaluating, and mitigating risk to an organization– It’s a cyclical, continuous process– Need to know what you have– Need to know what threats are likely– Need to know how and how well it is protected– Need to know where the gaps are

14

Page 15: Lecture 30 Information Security (Cont’d). Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management 2

Identification

• Assets• Threats

– Threat-sources: man-made, natural

• Vulnerabilities– Weakness

• Controls– Safeguard

15


GAO-04-823 Federal Chief Information Officers: Responsibilities

ESTIMATES - barbadosparliament.com · CONTENTS – Cont’d iii Head 22 – Ministry of Information, Broadcasting and Public Affairs Cont’d. 0046 – Government Information Services

Right to Information Act 2005 Obligations & Responsibilities

CORPORATE GOVERNANCE STATEMENT - lattree.com Statement.pdf · corporate governance statement (cont’d) 12 establish clear roles and responsibilities of the board and management (cont’d)

Career in Pharmacy Information - Roles and Responsibilities

Homeland Security: Information Sharing Responsibilities

SQL (cont’d)

Information Article Typical Roles & Responsibilities ...€¦ · Information Article Typical Roles & Responsibilities during (Aircraft Related) Emergency Response Operations ... Cabin

Principles of Information Security, Fourth Edition · 2017. 9. 28. · Principles of Information Security, Fourth Edition 4. The 1970s and 80s (cont’d.) •Information security

Safety & Instruction Manual Triumph Muzzleloading Rifle · 6 your safety responsibilities cont’d • always use the correct combination of load components for your particular muzzleload-ing

The Auditor’s Responsibilities Relating to Other ......Other Information Included in Annual Reports 1205 AU-CSection720 The Auditor’s Responsibilities Relating to Other Information

Information Management Responsibilities and …...NSW Information Management Responsibilities and Accountability - Guidance Page 6 of 19 3. This document provides guidance, which will

Distributed Information Processing - SNUdcslab.snu.ac.kr/courses/dip2016f/Lecture/Lecture24.pdf · Distributed Information Processing 23rd Lecture ... Map Reduce Overview Cont’d

Immigration Information & Your Responsibilities

Information and Communication Technologies (ICT)Sustaining ...juliascapstonepreservingthenextgeneration.yolasite.com/... · Professional Development Cont’d. In addition, I will

Roles and Responsibilities Intent Information€¦ · Flight Deck simulation evaluations. Roles and Responsibilities Intent Information The DAG En Route Free Maneuvering concept placed

City of San Diego City Council · 2017-07-26 · Disclosure Responsibilities under the Federal Securities Laws Brief Chronology (cont’d.) • General Disclosure Counsel has conducted

Cost Transfers - Research Administration · 2017-09-25 · Be cognizant of basic policy, regulatory and other requirements. 7 Preparers’ Responsibilities cont’d ... High volume/low

Year 5 Information Session and Professional Responsibilities

Statement on Corporate GovernanCe...Statement on Corporate GovernanCe (Cont’D)for the Financial Year ended 31 December 2015 recommendation 1.2 Clear roles and responsibilities the

Evaluation, cont’d

Information Management Responsibilities and Accountability ... · PDF fileNSW Information Management Responsibilities and Accountability - Guidance Page 2 of 19 Document Control Document

Abstraction (Cont’d)

Freedom of Information (Cont’d)

Corporate InformatIon Cont’d - MalaysiaStock.Biz AnnuAl REpoRT 2016 3 Corporate InformatIon Cont’d ... System), an r&D agency for ... equity & property Investments and Hajj management

CHIEF INFORMATION OFFICERS EVOLVING ROLES AND RESPONSIBILITIES

24200 - New Jersey · 24200 RANCOCAS VALLEY REGIONAL HIGH SCHOOL DISTRICT Table of Contents (Cont’d) Page Other Supplementary Information (Cont’d) H. Fiduciary Funds: H-1 Combining

Vendor Call Process for Qualified Vendor Services · Qualified Vendor Roles and Responsibilities Service Notifications cont’d Selecting this option will bring up additional Information:

Chapter 2 Nursing Process - WordPress.com€¦ · Steps of the Nursing Process (cont’d) •Assessment (cont’d) –Types of data (cont’d) oSubjective data: information only client

Support Coordination and Provider Responsibilities for ... · Support Coordination Responsibilities (cont’d) Monitor weather warnings, watches, and evacuation orders. All agency

The Auditor's Responsibilities Relating to Other Information in

Chapter 18 The Chief Information Officer’s Role and Responsibilities

Audit Reports. PA’s Professional Responsibilities When associated with information, responsibilities include the following: Applicable standards in the

SPECIAL EDUCATION RIGHTS AND RESPONSIBILITIES Information on Evaluations/Assessments 2 - i SPECIAL EDUCATION RIGHTS AND RESPONSIBILITIES Chapter 2 Information on Evaluations/Assessments

ESSAYS CONT’D