1 / 11

Chapter 7

Chapter 7. Security Management Controls. Introduction.

carnig
Télécharger la présentation

Chapter 7

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 7 Security Management Controls

  2. Introduction Information systems security administrators are responsible for ensuring that information systems assets are secure. Assets are secure when the expected losses that will occur that threats eventuating over some time period at an acceptable level.

  3. The information systems assets we must protect via security measures can be classified in two ways (figure 7-1 p. 244): • The physical assets comprise personnel, hardware (including storage media & peripherals), facilities, supplies and documentation • The logical assets comprise data/information & software

  4. In this chapter, however, we focus on the work usually performed by information systems security administrators. Although their specific functions vary across organizations, they tend to be responsible for controls over: • Both malicious & nonmalicious threats to physical assets • Malicious threats to logical assets

  5. Conducting A Security Program A security program is a series of ongoing, regular, periodic reviews conducted to ensure that assets associated with the information systems function are safeguarded adequately.

  6. Eight major steps to be undertaken when conducting a security review (figure 7-3 p. 246): • Preparation of a project plan • Identification of assets • Valuation of assets • Threats identification • Threats likelihood assessment • Exposures analysis • Controls adjustment • Report preparation

  7. Major Security Threats & Remedial Measures Nine major threats to the security of information systems assets are: • Fire • Water • Energy variations • Structural damage

  8. Pollution • Unauthorized intrusion • Viruses & worms • Misuse of software, data & services • Hackers

  9. Controls of Last Resort In spite of safeguards that might be implemented, the information systems function still could suffer a disaster. Two controls of last resort must take effect: • A disaster recovery plan • Insurance

  10. Some Organizational Issues Depending on the size of an organization and its reliance on its information systems function, the security – administration role can occupy four possible positions within the organizational hierarchy (figure 7-11 p. 272).

  11. Security policies and procedures must be adapted to take into account the dispersal of sometimes critical information systems resouces and the different circumstances in which micro – computers might be used. Whatever the particular organizational circumstances in which security administrators must function, however, top management must define its authority and allocate its responsibilities carefully.

More Related