Foundations of Organizational Information Assurance Fall 2007 Dr. Barbara Endicott-Popovsky IMT551

Implementing IA and Cybersecurity Secure System

Implementing IA and Cybersecurity Secure System

Policies Policies drive security solutions Range from standards to guidelines; general to procedural Controls derive from policies Consequences tied to policies

Role for Procedures: When We Trust Controls…. Assumes: Design implements policies Sum total of controls implement all policies Implementation is correct Installation/administration are correct

CISO Procedure Dashboard Employee termination checklist Employee provisioning checklist Data backup Emergency contacts Change management procedure Instant messaging procedures PCI data security standard PCI self-assessment checklist Credit card handling procedure Data breach response procedure Procedure for request/access to personnel files Procedure for outside request for information Data classification procedure Media disposal procedure Privacy procedure

CISO Procedure Dashboard (cont’d.) Cyber incident response procedure Procedure on disposal of media/memory PKI management Appropriate use procedure Top 10 list Security manual Metrics ISO17799, ISO27001 VPN procedure Outsourcing security requirements/contract terms Contractor security requirements /contract terms

Context Evolution Agricultural Age Industrial Age Information Age

Labor Force Composition Source: K. Lauden & Lauden

Attribute Agricultural Age Industrial AgeInformation Age Wealth LandCapitalKnowledge Advancement ConquestInventionParadigm Shifts Time Sun/SeasonsFactory WhistleTime Zones Workplace FarmCapital equipment Networks Organization Structure FamilyCorporationCollaborations Tools PlowMachinesComputers Problem-solving SelfDelegationIntegration Knowledge GeneralizedSpecializedInterdisciplinary Learning Self-taughtClassroomOnline

Technology Individual Community State Economics Politics & Law Culture Education At the heart… IMPACTS

Questions?