17 Cards in this Set
Information security program
Used to describe the structure and organization of the effort that strives to contain the risks to the information assets of the organization.

Four separate approaches in functions
1) Functions performed by nontechnology business units
   a. Legal
   b. Training
2) Functions performed by IT groups outside the InfoSec area of management
   a. Systems security administration
   b. Network security administration
   c. Centralized authentication
3) Functions performed within the InfoSec department as customer service
   a. Risk assessment
   b. Systems testing
   c. Incident response
   d. Planning
   e. Measurement
   f. Vulnerability assessment
4) Functions performed within the InfoSec department as compliance enforcement
   a. Policy
   b. Compliance/audit
   c. Risk management

Chief Information Security Officer (CSO or CISO)
Responsible for the assessment, management, and implementation of the program that secures the organization's information.

Security Managers
Accountable for the day-to-day operations of the InfoSec program.

Security Administrators and Analysts
A hybrid of a security technician and a security manager.

Security Technicians
Qualified individuals who configure firewalls and implement security software.

Security Staffers and Watchstanders
Perform routine watchstanding or administrative activities, such as watching intrusion consoles and monitoring e-mail accounts.

Security Consultants
Independent InfoSec experts, used when the organization decides to outsource aspects of the security program.

Security Officers and Investigators
Physical security officers, investigators, and guards.

Help Desk Personnel
Help identify potential problems and help resolve minor issues.

Security education, training, and awareness (SETA)
- The responsibility of the CISO; designed to reduce the incidence of accidental security breaches.
- Can improve employee behavior.
- Can inform members of the organization about where to report violations of policy.
- Enables the organization to hold employees accountable for their actions.

Security Training
Seeks to train members of the organization in how they should react and respond when they encounter a threat (workshops, formal training).

Seven steps for implementing training
1) Identify program scope, goals, and objectives.
2) Identify training staff.
3) Identify target audiences.
4) Motivate management and employees.
5) Administer the program.
6) Maintain the program.
7) Evaluate the program.

Some training delivery methods
- One-on-one: informal, personal training with a trainer.
- On-the-job training: learn while working.
- Web seminars: watch a presentation on their own computer.

Due Care
The conduct a reasonable person would exhibit in a particular situation.

Due Diligence
The process by which a person gathers facts in order to make an informed choice on a matter.

Awareness Components
- Videos
- Posters
- Lectures and conferences