1. Foundations of Organizational Information Assurance Fall 2007 Dr. Barbara Endicott-Popovsky IMT551

2. Implementing IA and Cybersecurity Secure System

3. Implementing IA and Cybersecurity Secure System

4. Policies Policies drive security solutions Range from standards to guidelines; general to procedural Controls derive from policies Consequences tied to policies

5. Role for Procedures: When We Trust Controls…. Assumes: Design implements policies Sum total of controls implement all policies Implementation is correct Installation/administration are correct

6. CISO Procedure Dashboard Employee termination checklist Employee provisioning checklist Data backup Emergency contacts Change management procedure Instant messaging procedures PCI data security standard PCI self-assessment checklist Credit card handling procedure Data breach response procedure Procedure for request/access to personnel files Procedure for outside request for information Data classification procedure Media disposal procedure Privacy procedure

7. CISO Procedure Dashboard (cont’d.) Cyber incident response procedure Procedure on disposal of media/memory PKI management Appropriate use procedure Top 10 list Security manual Metrics ISO17799, ISO27001 VPN procedure Outsourcing security requirements/contract terms Contractor security requirements /contract terms

9. Context Evolution Agricultural Age Industrial Age Information Age

10. Labor Force Composition Source: K. Lauden & Lauden

11. Attribute Agricultural Age Industrial AgeInformation Age Wealth LandCapitalKnowledge Advancement ConquestInventionParadigm Shifts Time Sun/SeasonsFactory WhistleTime Zones Workplace FarmCapital equipment Networks Organization Structure FamilyCorporationCollaborations Tools PlowMachinesComputers Problem-solving SelfDelegationIntegration Knowledge GeneralizedSpecializedInterdisciplinary Learning Self-taughtClassroomOnline

12. Technology Individual Community State Economics Politics & Law Culture Education At the heart… IMPACTS

13. Questions?