ITM 517 Module 1 Case
Module 1 - Home
INFORMATION SECURITY MANAGEMENT FRAMEWORKS
Modular Learning Outcomes
Upon successful completion of this module, the student will be able to satisfy the following outcomes:
· Case
· Describe the frameworks that help manage information security.
· Explain the importance of using frameworks to manage information security.
· SLP
· Apply the learned frameworks to your own organization and your personal life.
· Discussion
· Assess the importance of information security management and its challenges.
Module Overview
The importance of information security is so well recognized now at both the organizational and person levels that there is even no need to argue against it. The main question is how to manage information security.
In this module, we start answering the "how" question by looking into the big picture. What are the key components of information security management? Is it the technology that matters the most? What is the roadmap to help manage and analyze information security? What is the most important principle?
Information technology changes at such a fast pace that is even difficult to for the professionals to keep up with. Information security issues linked to the fast-changing technology give even bigger headaches. As a manager and policy maker, should you go after the detailed technological features and security issues? Or should you develop a mindset and a roadmap that helps you develop flexible yet resilient processes to handle the security management?
This module will introduce you frameworks and a major principle that serve as the roadmap to help you cruise through the information security maze.
Module 1 - Background
INFORMATION SECURITY MANAGEMENT FRAMEWORKS
Required Reading
PowerPoint Presentation on Information Security Management Framework.
NIST (2011). Managing Information Security Risk—Organization, Mission and Information System View. National Institute of Standards and Technology Special Publication 800–39.
NIST (2011). Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. National Institute of Standards and Technology Special Publication 800–137. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-137/SP800-137-Final.pdf
Ma, Q., Schmidt, M. B., & Pearson, J. M. (2009). An integrated framework for information security management. Review of Business, 30(1), 58–69. (TUI Online Library: ProQuest)
Johnson, E., & Goetz, E. (2007). Embedding Information Security into the Organization. IEEE Security & Privacy, May/June 2007.
Business Software Alliance. (2016). Seizing opportunity through license compliance. Retrieved from http://globalstudy.bsa.org/2016/downloads/studies/BSA_GSS_US.pdf
Comparison of OSI to TCP/IP
http://www.youtube.com/watch?v=SII38b0RJr8
http://www.youtube.com/watch?v=RbY8Hb6abbg
http://www.nbcnews.com/id/18095186/#.US6xslfuqLU