Presentation is loading. Please wait.

Presentation is loading. Please wait.

IS4550 Security Policies and Implementation

Published byUrsula Sparks Modified over 5 years ago

Similar presentations

Presentation on theme: "IS4550 Security Policies and Implementation"— Presentation transcript:

1 IS4550 Security Policies and Implementation
Unit 9 Implementing and Maintaining an IT Security Policy Framework

2 Class Agenda 8/11/16 Lesson Covers Chapter 13 and 14
11/24/2018 Class Agenda 8/11/16 Lesson Covers Chapter 13 and 14 Learning Objectives Lesson Presentation and Discussions. Discussion on Assignments. Discussion on Lab Activities. Break Times as per School Regulations. Try to read the text book before class. (c) ITT Educational Services, Inc.

3 Learning Objective Describe different issues related to implementing and enforcing information systems security (ISS) policies.

4 Key Concepts Organizational implementation issues for ISS policies
Hindrances to the dissemination of policies and policy monitoring and enforcement strategy Policy enforcement as it relates to compliance laws Differences between public and private information technology (IT) security policy implementations Legal implications of ISS policy enforcement

5 EXPLORE: CONCEPTS

6 Implementation Issues
The key point is to realize that implementation is as much about changing attitudes as it is about implementing controls. Overcoming perception and changing culture is one goal of security policies. In other words, it is about implementing in a way that wins hearts and minds.

7 Implementation Issues (Continued)
You achieve this by having a clear and concise plan. Three common messages to define the need for policies through: Personal accountability Directive and enforcement Being a valuable tool

8 Overcoming Hindrances to Policies
Many different learning levels within an organization People learn in different ways Organizational culture plays an important role

9 Overcoming Hindrances to Policies (Continued)
It’s important to remember that success depends on how well the policies are accepted. Executive management support is critical in overcoming hindrances. The lack of support makes implementing security policies impossible.

10 Public vs. Private Security Policy Implementation
Public organizations are often bound by legal requirements such as Health Insurance Portability and Accountability Act (HIPPA). Private organizations implement policies to counter risks affecting them. Public organizations are almost always larger than private.

11 Public vs. Private Security Policy Implementation (Continued)
Private organizations can quickly implement changes as they are more often smaller than larger public organizations

12 EXPLORE: PROCESS

13 Policy Implementation Strategies
Effective communication is one of the most important best practices to consider. It’s vital that executive support is obtained early, as without management support, the implementation of security policies is impossible. Keep expectations realistic, and credibility is built on delivering real solutions.

14 Policy Implementation Strategies (Continued)
Clearly communicate the expected results of the investment in security policies. Keep the security policies flexible, as security best practice today might be considered obsolete tomorrow.

15 Monitoring and Enforcement Strategies
The information security team should develop a close relationship with the legal team. Teams should communicate their roles and responsibilities to one another. The information security team should review the current legislation that governs their business.

16 Monitoring and Enforcement Strategies (Continued)
The legal department should review all new or major changes to policies. Enforcement of policies is based on a risk assessment, as all policies should be followed.

17 Monitoring and Enforcement Strategies (Continued)
It’s important to ensure that consequence and enforcement is properly socialized throughout organization. Wherever possible, use automated controls to enforce policies.

18 EXPLORE: ROLES

19 Roles and Responsibilities
Senior Management Responsible for policy support and funding, along with leadership and governance Human Resources (HR) Responsible for policy enforcement regarding employees IT Management Responsible for support and leadership for information security also act as change agents

20 Roles and Responsibilities (Continued)
Security Management Responsible for the overall information security policy creation, implementation, monitoring, and enforcement Users/Employees Responsible for following the information security policies, standards, guidelines, and procedures

21 Summary In this presentation, the following were covered:
Policy implementation issues and overcoming hindrances to implementing policies Policy implementation strategies Policy monitoring and enforcement strategies Difference between public and private security policy implementation Roles and responsibilities associated with implementation and maintenance of an IT security policy framework

22 Unit 9 Assignment Discussion 9.1 Information Dissemination—How to Educate Employees Assignment 9.3 Policy Monitoring and Enforcement Strategy

23 Unit 9 Lab Activities Lab is in the lab manual on line Lab 9.2 Assess and Audit an Existing IT Security Policy Framework Definition Reading assignment: Read chapter 13 and 14

Download ppt "IS4550 Security Policies and Implementation"

Similar presentations

Module N° 3 – ICAO SARPs related to safety management

Module N° 3 – ICAO SARPs related to safety management
IT Governance and Management

IT Governance and Management
MGT-555 PERFORMANCE AND CAREER MANAGEMENT

MGT-555 PERFORMANCE AND CAREER MANAGEMENT
Session No. 3 ICAO Safety Management Standards ICAO SMS Framework

Session No. 3 ICAO Safety Management Standards ICAO SMS Framework
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.

Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.
Chapter 3 Internal Controls.

Chapter 3 Internal Controls.
Chapter 8 8-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 4 of the Executive Guide manual

Chapter 4 of the Executive Guide manual
Module 2: Creating a Plan for Network Security. Overview Introduction to Security Policies Designing Security by Using a Framework Creating a Security.

Module 2: Creating a Plan for Network Security. Overview Introduction to Security Policies Designing Security by Using a Framework Creating a Security.
Nuclear Security Culture William Tobey Workshop on Strengthening the Culture of Nuclear Safety and Security, Sao Paulo, Brazil August 25-26, 2014.

Nuclear Security Culture William Tobey Workshop on Strengthening the Culture of Nuclear Safety and Security, Sao Paulo, Brazil August 25-26, 2014.
Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.

Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.
Configuring Electronic Health Records Privacy and Security in the US Lecture a This material (Comp11_Unit7a) was developed by Oregon Health & Science University.

Configuring Electronic Health Records Privacy and Security in the US Lecture a This material (Comp11_Unit7a) was developed by Oregon Health & Science University.
Chapter 8 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.

Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
Chapter 3: Business Continuity Planning. Planning for Business Continuity Assess risks to business processes Minimize impact from disruptions Maintain.

Chapter 3: Business Continuity Planning. Planning for Business Continuity Assess risks to business processes Minimize impact from disruptions Maintain.
Alex Ezrakhovich Process Approach for an Integrated Management System Change driven.

Alex Ezrakhovich Process Approach for an Integrated Management System Change driven.
Governance, risk and ethics. 2 Section A: Governance and responsibility Section B: Internal control and review Section C: Identifying and assessing risk.

Governance, risk and ethics. 2 Section A: Governance and responsibility Section B: Internal control and review Section C: Identifying and assessing risk.
© ITT Educational Services, Inc. All rights reserved. IS4680 Security Auditing for Compliance Unit 1 Information Security Compliance.

© ITT Educational Services, Inc. All rights reserved. IS4680 Security Auditing for Compliance Unit 1 Information Security Compliance.

Similar presentations

Ads by Google