SlideShare uma empresa Scribd logo

Information security policy_2011

Transferir como PPT, PDF
C
codka

Management of information security

1 de 40
MCM2613/MCS1433 IT Security Management Policy, Standards, and Practice
Introduction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Why Policy? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Figure 4-1 The Bulls-eye Model
Policy Centric Decision Making ,[object Object],[object Object],[object Object],[object Object],[object Object]
Policies, Standards, & Practices
Policy, Standards, and Practices ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Policy, Standards, and Practices (Continued) ,[object Object],[object Object],[object Object],[object Object],[object Object]
Enterprise Information Security Policy (EISP) ,[object Object],[object Object],[object Object]
EISP Elements ,[object Object],[object Object],[object Object],[object Object],[object Object]
Components of the EISP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Example EISP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Example EISP (Continued) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Issue-Specific Security Policy (ISSP) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Typical ISSP Components ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Components of the ISSP (Continued) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Implementing ISSP ,[object Object],[object Object],[object Object],[object Object],[object Object]
 
Systems-Specific Policy (SysSP) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Management Guidance SysSPs ,[object Object],[object Object],[object Object],[object Object]
Technical Specifications SysSPs ,[object Object],[object Object],[object Object],[object Object],[object Object]
Access Control Lists ,[object Object],[object Object],[object Object],[object Object],[object Object]
Configuration Rules ,[object Object],[object Object],[object Object]
Combination SysSPs ,[object Object],[object Object],[object Object]
Guidelines for Policy Development ,[object Object],[object Object],[object Object],[object Object]
The Policy Project ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Investigation Phase ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Analysis Phase ,[object Object],[object Object],[object Object]
Design Phase ,[object Object],[object Object],[object Object],[object Object],[object Object]
Implementation Phase ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Readability Statistics Example
Maintenance Phase ,[object Object],[object Object],[object Object]
The Information Security Policy Made Easy Approach (ISPME) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Figure 4-11 Coverage Matrix
ISPME Checklist ,[object Object],[object Object],[object Object],[object Object]
ISPME Next Steps ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ISPME Next Steps (Continued) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SP 800-18: Guide for Developing Security Plans ,[object Object],[object Object],[object Object],[object Object]
SP 800-18: Guide for Developing Security Plans (Continued) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
A Final Note on Policy ,[object Object],[object Object],[object Object],[object Object],[object Object]

Recomendados

Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
primeteacher32
 
Security risk management
Security risk managementSecurity risk management
Security risk management
G Prachi
 
information security management
information security managementinformation security management
information security management
Gurpreetkaur838
 
Information security management system
Information security management systemInformation security management system
Information security management system
Arani Srinivasan
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
Dam Frank
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
Information Technology Society Nepal
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
CAS
 

Recomendados

Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
primeteacher32
 
Security risk management
Security risk managementSecurity risk management
Security risk management
G Prachi
 
information security management
information security managementinformation security management
information security management
Gurpreetkaur838
 
Information security management system
Information security management systemInformation security management system
Information security management system
Arani Srinivasan
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
Dam Frank
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
Information Technology Society Nepal
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
CAS
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Information security governance
Information security governanceInformation security governance
Information security governance
Koen Maris
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
Zefren Edior
 
Information security management
Information security managementInformation security management
Information security management
UMaine
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
Maganathin Veeraragaloo
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
Shreedevi Tharanidharan
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
Ersoy AKSOY
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dr. Loganathan R
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of Us
Eoin Woods
 
Design of security architecture in Information Technology
Design of security architecture in Information TechnologyDesign of security architecture in Information Technology
Design of security architecture in Information Technology
trainersenthil14
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
learnt
 
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
Priyanka Aash
 
Security architecture
Security architectureSecurity architecture
Security architecture
Duncan Unwin
 
SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0
Maganathin Veeraragaloo
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
Allen Baranov
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
Sibghatullah Khattak
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
amiable_indian
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
Dinesh O Bareja
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
ImXaib
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
Shauna_Cox
 

Mais conteúdo relacionado

Mais procurados

Information security management
Information security managementInformation security management
Information security management
UMaine
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of Us
Eoin Woods
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
learnt
 

Mais procurados (20)

Security policies
Security policiesSecurity policies
Security policies
 
Information security governance
Information security governanceInformation security governance
Information security governance
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
 
Information security management
Information security managementInformation security management
Information security management
 
Information security
Information securityInformation security
Information security
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of Us
 
Design of security architecture in Information Technology
Design of security architecture in Information TechnologyDesign of security architecture in Information Technology
Design of security architecture in Information Technology
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
Information security
Information securityInformation security
Information security
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
 

Semelhante a Information security policy_2011

Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
ImXaib
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
SARJERAO Sarju
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
alokkesh
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx
durantheseldine
 
Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practices
phanleson
 
There are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database managThere are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database manag
GrazynaBroyles24
 
Importanceofasecuritypolicy 13281642117262-phpapp01-120202003227-phpapp01 (1)
Importanceofasecuritypolicy 13281642117262-phpapp01-120202003227-phpapp01 (1)Importanceofasecuritypolicy 13281642117262-phpapp01-120202003227-phpapp01 (1)
Importanceofasecuritypolicy 13281642117262-phpapp01-120202003227-phpapp01 (1)
Bonagiri Rajitha
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
sdfghj21
 
Ch14 Policies and Legislation
Ch14 Policies and LegislationCh14 Policies and Legislation
Ch14 Policies and Legislation
Information Technology
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
charlesgarrett
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...
IT-Toolkits.org
 
Chapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfChapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdf
AbuHanifah59
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
Tammy Clark
 
Ch10 Conducting Audits
Ch10 Conducting AuditsCh10 Conducting Audits
Ch10 Conducting Audits
Information Technology
 

Semelhante a Information security policy_2011 (20)

Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx
 
Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practices
 
There are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database managThere are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database manag
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
 
File000169
File000169File000169
File000169
 
Importanceofasecuritypolicy 13281642117262-phpapp01-120202003227-phpapp01 (1)
Importanceofasecuritypolicy 13281642117262-phpapp01-120202003227-phpapp01 (1)Importanceofasecuritypolicy 13281642117262-phpapp01-120202003227-phpapp01 (1)
Importanceofasecuritypolicy 13281642117262-phpapp01-120202003227-phpapp01 (1)
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
Ch14 Policies and Legislation
Ch14 Policies and LegislationCh14 Policies and Legislation
Ch14 Policies and Legislation
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...
 
Chapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfChapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdf
 
unit 3 security plans and policies.pptx
unit 3 security plans and policies.pptxunit 3 security plans and policies.pptx
unit 3 security plans and policies.pptx
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
 
How to set up your security policy
How to set up your security policyHow to set up your security policy
How to set up your security policy
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
Ch10 Conducting Audits
Ch10 Conducting AuditsCh10 Conducting Audits
Ch10 Conducting Audits
 

Information security policy_2011

Notas do Editor

  1. Differentiate ESSP and SysPS
  2. Charging is higher in this way
  3. The most important think is budget this is related to sySP because of development of the organization Strategy of the company needs to take ESPS and than developing of the system is required to use SySP only specific information system
  4. When you right use simple word
  5. You have to convince your management using EPS CICT published in the enternet
  6. Download SP800-28 inside 480 for
  7. Three type policies Industarial Education Government Please compare whether they have similar components EISP Elements