Information Assurance Policy: Course Summary

2 A Multifaceted Activity
- Policy needs, goals, construction, enforcement, evolution
- Governance, legislation, vendors, providers, collaborators, technology
- Users, hosts, networks, sites
- Costs, management, effectiveness

3 A Good Policy
- Basis and motivation for decision making
- Detailed enough to enforce or forbid activity
- Open enough to support evolving activity
- Clearly stated, enforceable
- Applies to a clearly attributed set of assets or activities
- Maintainable, revisable

4 A Bad Policy
- Mixes goal with how to provide it
- Mixes direction with attribute
- Leaves open responsibility for implementation
- Gets lost in trivialities

5 You Decide
"The company badge subsystem shall be protected via timely backups of the badge database. All backups shall be retained until designated by the CIO. Backups shall be digitally encrypted and signed by the administrator making the backup using GPG 2.4 or a similar hybrid-key cryptosystem."

6 Consequences of Bad IA Policy
- Lack of protection
- Lack of consistency
- Increased effort
- Increased cost
- Increased uncertainty
- Misplaced investments

7 Good Policy?
"Protection of the company badge subsystem shall be enforced by the operations manager. This protection shall include both generation of appropriate backups of the badge database and protection of these backups, as well as other activities."

8 Consequences of Good Policy
- Positioned for activity
- Prepared to meet evolving threats
- Meets responsibilities for asset protection in a cost-effective manner

9 In Summary
"You've all done very well"
This is all just a start: doing policy well is a balancing act that improves with knowledge and hard-won experience.