Information Security for Managers

Submitted By nichuaana
Words 2401
Pages 10
Assignment 2 Information Security for Managers

Submitted By:
Student Number:

Submitted Date: January 22, 2009

Table of Contents
1. Information Security Policy (Word Count = approx. 1000)
1.1 Security:
1.2 Policy:
1.3 Information Security Policy and its importance:
1.4 Policies, Procedures, Practices, Guidelines
1.5 Example of good policy statement
1.6 Possible structure of information security policy documents
1.7 Strategies and techniques to implement information security policies
2. Developing the Security Program (Word Count = approx. 500)
3. Security Management Models and Practices (Word Count = approx. 500)
A. ISO/IEC Model
B. NIST Security Model
C. RFC 2196
D. COBIT
E. COSO
4. List of References:

1. Information Security Policy
1.1 Security:
Security has been a real issue in this century. Because of emerging technologies such as RFID and wireless devices, various issues have arisen regarding the privacy and security of individuals and enterprises. Security can be understood as a condition of protection against unauthorized access. In terms of IT, security can be categorized into application security, computing security, data security, information security, and network security.
Source: (Whitman & Mattord 2007, p.5)
Even though all of these security fields need to be monitored in an enterprise, in this document we are concerned only with information security. Information security is responsible for ensuring the integrity, availability and confidentiality of the enterprise’s valuable assets. One of the preventive measures for protecting valuable assets is to develop and implement policy within an enterprise. The figure above shows that policy is essential in all the security aspects.
1.2 Policy:
“A policy is a deliberate plan of action to guide decisions...
