IS4550 Security Policies and Implementation


IS4550 Security Policies and Implementation Unit 9 Implementing and Maintaining an IT Security Policy Framework

Class Agenda 8/11/16 (11/24/2018)
Lesson Covers Chapter 13 and 14
- Learning Objectives
- Lesson Presentation and Discussions
- Discussion on Assignments
- Discussion on Lab Activities
- Break Times as per School Regulations
- Try to read the textbook before class.
(c) ITT Educational Services, Inc.

Learning Objective Describe different issues related to implementing and enforcing information systems security (ISS) policies.

Key Concepts
- Organizational implementation issues for ISS policies
- Hindrances to the dissemination of policies, and policy monitoring and enforcement strategy
- Policy enforcement as it relates to compliance laws
- Differences between public and private information technology (IT) security policy implementations
- Legal implications of ISS policy enforcement

EXPLORE: CONCEPTS

Implementation Issues The key point is to realize that implementation is as much about changing attitudes as it is about implementing controls. Overcoming perception and changing culture is one goal of security policies. In other words, it is about implementing in a way that wins hearts and minds.

Implementation Issues (Continued) You achieve this by having a clear and concise plan. Three common messages are used to convey the need for policies:
- Personal accountability
- Directive and enforcement
- Being a valuable tool

Overcoming Hindrances to Policies
- Many different learning levels exist within an organization
- People learn in different ways
- Organizational culture plays an important role

Overcoming Hindrances to Policies (Continued) It’s important to remember that success depends on how well the policies are accepted. Executive management support is critical in overcoming hindrances. The lack of support makes implementing security policies impossible.

Public vs. Private Security Policy Implementation Public organizations are often bound by legal requirements such as the Health Insurance Portability and Accountability Act (HIPAA). Private organizations implement policies to counter the risks affecting them. Public organizations are almost always larger than private ones.

Public vs. Private Security Policy Implementation (Continued) Private organizations can implement changes quickly because they are more often smaller than the larger public organizations.

EXPLORE: PROCESS

Policy Implementation Strategies Effective communication is one of the most important best practices to consider. It’s vital that executive support is obtained early; without management support, the implementation of security policies is impossible. Keep expectations realistic: credibility is built on delivering real solutions.

Policy Implementation Strategies (Continued) Clearly communicate the expected results of the investment in security policies. Keep the security policies flexible, as security best practice today might be considered obsolete tomorrow.

Monitoring and Enforcement Strategies The information security team should develop a close relationship with the legal team. Teams should communicate their roles and responsibilities to one another. The information security team should review the current legislation that governs their business.

Monitoring and Enforcement Strategies (Continued) The legal department should review all new policies and all major changes to existing policies. Enforcement of policies is based on a risk assessment, but all policies should be followed.

Monitoring and Enforcement Strategies (Continued) It’s important to ensure that consequences and enforcement are properly socialized throughout the organization. Wherever possible, use automated controls to enforce policies.

EXPLORE: ROLES

Roles and Responsibilities
- Senior Management: Responsible for policy support and funding, along with leadership and governance
- Human Resources (HR): Responsible for policy enforcement regarding employees
- IT Management: Responsible for support and leadership for information security; also acts as change agent

Roles and Responsibilities (Continued)
- Security Management: Responsible for the overall information security policy creation, implementation, monitoring, and enforcement
- Users/Employees: Responsible for following the information security policies, standards, guidelines, and procedures

Summary In this presentation, the following were covered:
- Policy implementation issues and overcoming hindrances to implementing policies
- Policy implementation strategies
- Policy monitoring and enforcement strategies
- Differences between public and private security policy implementation
- Roles and responsibilities associated with implementation and maintenance of an IT security policy framework

Unit 9 Assignment
- Discussion 9.1: Information Dissemination—How to Educate Employees
- Assignment 9.3: Policy Monitoring and Enforcement Strategy

Unit 9 Lab Activities The lab is in the online lab manual.
- Lab 9.2: Assess and Audit an Existing IT Security Policy Framework Definition
- Reading assignment: Read chapters 13 and 14