CIS 377 Mid Term (Towson)


Security Awareness

Security Awareness -- One of the least frequently implemented but most beneficial programs is the security awareness program. A security awareness program is designed to keep information security at the forefront of the users'

Security Education

Security Education -- Everyone in an organization needs to be trained and aware of information security, but not every member of the organization needs a formal degree or certificate in information security.

Security as ...

• Security as Art • Security as Science • Security as a Social Science

Security Training

Security training -- involves providing members of the organization with detailed information and hands-on instruction designed to prepare them to perform their duties securely.

Standards

Standards - are more detailed statements of what must be done to comply with policy. They have the same requirement for compliance as policy. The level of acceptance of standards may be informal, as in de facto standards. Or standards may be published, scrutinized, and ratified by a group, as in formal or de jure standards.

Team members:

Team members: Managers or their representatives from the various communities of interest: business, IT, and information security.

In some systems, capability tables are called user profiles or user policies. ACLs regulate:

• Who can use the system • What authorized users can access • When authorized users can access the system • Where authorized users can access the system from

According to the National Institute of Standards and Technology's Special Publication 800-14, management must define three types of security policy:

• Enterprise information security policies • Issue-specific security policies • Systems-specific security policies

Components of IS

•Hardware • Software • Data • Procedures • Telecommunication • People

International Information Systems Security Certification Consortium, Inc. (ISC)2

(ISC)2 (www.isc2.org) is a nonprofit organization that focuses on the development and implementation of information security certifications and credentials.

Policy versus Law

...

Access control lists (ACLs)

ACLs consist of the user access lists, matrices, and capability tables that govern the rights and privileges of users. A capability table specifies which subjects and objects users or groups can access; an ACL is the per-object view of the same access matrix, and a capability table is the per-subject view.
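The two views of an access matrix described above, plus the four ACL controls listed earlier (who, what, when, where), as an added example in Python. This is illustration code written for this page, not code from the course or its textbook; the users, objects, rights, hours and IP ranges are constructed, and `Rule`, `AccessMatrix` and `decide` are names chosen here.

```python
"""Added example: an access-control matrix read as per-object ACLs and as
per-subject capability tables, with default-deny checks on right, time
window and source network. All data below is constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One cell of the access matrix: what `subject` may do to `obj`."""
    subject: str
    obj: str
    rights: frozenset
    hours: tuple = (0, 24)             # allowed local hours, [start, end)
    networks: tuple = ("0.0.0.0/0",)   # allowed source CIDRs ("where")


class AccessMatrix:
    def __init__(self, rules):
        # One rule per (subject, object) pair keeps the decision unambiguous.
        self.rules = {}
        for r in rules:
            key = (r.subject, r.obj)
            if key in self.rules:
                raise ValueError(f"duplicate rule for {key}")
            self.rules[key] = r

    def acl(self, obj):
        """ACL view: for one object, which subjects hold which rights."""
        return {r.subject: set(r.rights) for r in self.rules.values() if r.obj == obj}

    def capabilities(self, subject):
        """Capability-table (user profile) view: for one subject, which
        objects it may reach and with which rights."""
        return {r.obj: set(r.rights) for r in self.rules.values() if r.subject == subject}

    def check(self, subject, obj, right, when, src_ip):
        """Return (allowed, reason). Anything without a matching rule is denied."""
        r = self.rules.get((subject, obj))
        if r is None:
            return False, "no rule (default deny)"          # who / what
        if right not in r.rights:
            return False, "right not granted"               # what
        start, end = r.hours
        if not start <= when.hour < end:
            return False, "outside permitted hours"         # when
        ip = ip_address(src_ip)
        if not any(ip in ip_network(n) for n in r.networks):
            return False, "source network not permitted"    # where
        return True, "ok"


# Constructed sample matrix (hypothetical users and objects).
MATRIX = AccessMatrix([
    Rule("alice", "payroll.db", frozenset({"read", "write"}),
         hours=(8, 18), networks=("10.0.0.0/8",)),
    Rule("bob", "payroll.db", frozenset({"read"})),
    Rule("alice", "hr_policy.pdf", frozenset({"read"})),
])


def decide(subject, obj, right, hour, src_ip):
    """Convenience wrapper: evaluate a request made at the given hour today."""
    when = datetime.now().replace(hour=hour, minute=0, second=0, microsecond=0)
    return MATRIX.check(subject, obj, right, when, src_ip)


if __name__ == "__main__":
    print("ACL for payroll.db:", MATRIX.acl("payroll.db"))
    print("Capabilities of alice:", MATRIX.capabilities("alice"))
    for req in [("alice", "payroll.db", "read", 10, "10.1.2.3"),
                ("alice", "payroll.db", "read", 22, "10.1.2.3"),
                ("alice", "payroll.db", "write", 10, "192.168.1.5"),
                ("bob", "payroll.db", "write", 10, "10.1.2.3"),
                ("carol", "payroll.db", "read", 10, "10.1.2.3")]:
        print(req, "->", decide(*req))
```

The same rule set answers both "what can alice reach?" (capability table) and "who can touch payroll.db?" (ACL); the check is default-deny, so a subject or object absent from the matrix is refused before any right, time or network test runs.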

Association of Computing Machinery (ACM)

ACM (www.acm.org) is a respected professional society, originally established in 1947, as "the world's first educational and scientific computing society."

Contingency planning (CP) is conducted by the organization to ...

CP prepares the organization to anticipate, react to, and recover from events that threaten the security of information and information assets. Contingency planning team members are listed under Champion, Project manager, and Team members.

Champion:

Champion: A high-level manager who supports, promotes, and endorses the findings of the project

Civil law

Civil law represents a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people.

Communications

Communications: security to protect an organization's communications media, technology, and content

Criminal law

Criminal Law addresses violations harmful to society and is actively enforced by the state.

Ethics

Ethics in turn, are based on cultural mores, which are the fixed moral attitudes or customs of a particular group. Some ethics are recognized as universal among cultures.

Information Systems Audit and Control Association (ISACA)

ISACA (www.isaca.org) is a professional association with a focus on auditing, control, and security. Although it does not focus exclusively on information security, the Certified Information Systems Auditor (CISA) certification does contain many information security components.

ISSA (www.issa.org)

ISSA is a nonprofit society of information security professionals. As a professional association, its primary mission is to bring together qualified practitioners of information security for information exchange and educational development.

Plans for events of this type include: (a bad event)

Incident response plans (IRPs) • Disaster recovery plans (DRPs) • Business continuity plans (BCPs)

Laws

Laws are rules that mandate or prohibit certain behavior in society. They are drawn from ethics, which define socially acceptable behaviors.

Managers in the IT ...

Managers in the IT and information security communities are called on to provide strategic planning to assure the continuous availability of information systems.

Mission (of an organization)

Mission (of an organization) - is a written statement of an organization's purpose. The vision of an organization is a written statement about the organization's goals. Strategic planning is the process of moving the organization towards its vision.

Network security

Network security: to protect networking components, connections, and contents

Information security: to protect information assets

Operations security

Operations security: to protect the details of a particular operation or series of activities

Personal security

Personal security: to protect the individual or group of individuals who are authorized to access the organization and its operations

Physical security

Physical security: to protect the physical items, objects, or areas of an organization from unauthorized access and misuse

For a policy to be effective and legally enforceable, it must be ...

Policy must be properly disseminated (distributed), read, understood, agreed to, and enforced equally upon all members of the organization.

Private law

Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law. (Source: Principles of Information Security, 3rd Edition, slide 3-5)

Project manager:

Project manager: Leads the project and makes sure a sound project planning process is used, a complete and useful project plan is developed, and project resources are prudently managed

Public law

Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments, providing careful checks and balances. Examples of public law include criminal, administrative, and constitutional law.

SANS (www.sans.org)

SANS is a professional organization with a large membership dedicated to the protection of information and systems. SANS offers a set of certifications called the Global Information Assurance Certification (GIAC).

Policy

A plan or course of action used to convey instructions from an organization's senior-most management to those who make decisions, take actions, and perform other duties. Policies are organizational laws in that they dictate acceptable and unacceptable behavior within the context of the organization's culture. Like laws, policies must contain information on what is right and wrong, what the penalties are for violating policy, and what the appeal process is.
