05 Developing the Security Program
Objectives
• Upon completion of this material you should be able to:
– Explain the organizational approaches to information security
– List and describe the functional components of an information security program
– Determine how to plan and staff an organization’s information security program based on its size
IS4231 – 05 Developing the Security Program
Objectives (cont’d.)
• Upon completion of this material you should be able to: (cont’d.)
– Evaluate the internal and external factors that influence the activities and organization of an information security program
– List and describe the typical job titles and functions performed …
An InfoSec program is sometimes at odds with the goals and objectives of the IT department as a whole
Placing Information Security Within An Organization (cont’d.)
• Because the goals and objectives of the CIO and the CISO may come into conflict:
– It is not difficult to understand the current movement to separate information security from the IT division
– The challenge is to design a reporting structure for the InfoSec program that balances the needs of each of the communities of interest
Placing Information Security Within an Organization (cont’d.)
• Other options