Security Policies and Implementation Issues
Lecture 5
How to Design, Organize, Implement, and Maintain IT Security Policies
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Learning Objective
Describe how to design, organize, implement, and maintain IT security policies.
9/24/2017
Key Concepts
Core principles of policy and standards design
Implementing policy and libraries
Policy change control board purpose and roles
Business drivers for policy and standards changes
Best practices for policy management and maintenance
Architectural Operating Model: Four Business Model Concepts
Diversified
Technology solution has a low level of integration and standardization with the enterprise.
Exchange of data and use of services outside the business unit itself is minimal.
Coordinated
Technology solution shares data across the enterprise.
Level of shared services and standardization is minimal.
Replicated
Technology solution shares services across the enterprise.
Level of data sharing is minimal.
Unified
Technology solution both shares data and has standardized services across the enterprise.
This book explains ways to analyze and categorize the primary operating model of the business based on 4 key concepts, which we will review to understand how IT policies and standards align.
Why? By focusing on the business model and the processes the company must execute well, this model provides a baseline for understanding which IT systems are needed to digitize those processes and what level of automation they require.
Examples in the book include companies around the world, profiled by the authors to illustrate how constructing the right enterprise architecture can enhance profitability and time to market, facilitate competitive positioning, and improve strategy execution, including how it may affect IT costs.
Enterprise Architecture As A Strategy: Creating a Foundation for Business Execution
Aligning Operating Model Concepts
Policy and Standards Development Core Principles
Accountability
Awareness
Ethics
Multidisciplinary
Proportionality
Integration
Policy and Standards Development Core Principles (Continued)
Defense in Depth
Timeliness
Reassessment
Democracy
Internal Control
Adversary
Policy and Standards Development Core Principles (Continued)
Least Privilege
Separation of Duties
Continuity
Simplicity
Policy-Centered Security
Transparency with Customer Data
Transparency
Individual Participation
Purpose Specification
Use Limitation
Data Minimization
Security Controls Categorization Schemes
What is the control?
Administrative controls
Technical controls
Physical controls
What does the control do?
Preventive security controls
Detective or response controls
Corrective controls
Recovery controls
ISO/IEC 27002
ISO/IEC 27002 Notice Board
http://www.iso27001security.com/html/27002.html
Understanding Taxonomy
Introduction to ISO 15926, April 14, 2014, http://infowebml.ws/intro/index.htm
A Policy and Standards Library Taxonomy
A Policy and Standards Library Taxonomy (Continued)
Control standards branch out from the Access Control (IS-POL-800) framework policy.
A Policy and Standards Library Taxonomy (Continued)
Baseline standards and procedures provide additional branches of the library tree.
A Policy and Standards Library Taxonomy (Continued)
Guidelines provide additional branches of the library tree.
Implementing Policies and Libraries
Implementing your policies and libraries entails three major steps:
• Reviews and approvals for your documents
• Publication of the documents
• Awareness and training
(Figure: process flow with the stages Build Consensus, Reviews/Approvals, Publication, and Awareness Training.)
Members of the Policy Change Control Board
Information Security
Compliance Management
Auditing
Human Resources (HR)
Leadership from the key information business units
Project Managers (PMs)
Members come from the functional areas of the organization.
The role of each member is to approve changes to the policies, ensuring alignment with business objectives.
Each functional area oversees the policies pertaining to its respective area of responsibility, while also taking part in approving policy changes that affect the organization as a whole.
Policy Change Control Board
Assess policies/ standards and recommend changes
Coordinate requests for change (RFCs)
Ensure that changes support organization’s mission and goals
Review requested changes
Establish change management process
Best Practices for Policy Maintenance
Updates and revisions
Exceptions and waivers
Requests from users and management
Changes to the organization
Business Drivers for Policy and Standards Changes
Business-as-usual developments
Business exceptions
Business innovations
Business technology innovations
Strategic changes
Summary
Core principles of policy and standards design
Implementing policy and libraries
Policy change control board purpose and roles
Business drivers for policy and standards changes
Best practices for policy management and maintenance