Introduction to the Management of Information Security
SPECIALIZED AREAS OF SECURITY
Network
Communication
InfoSec
Physical
Operations
Cyber (Computer)
COMMUNITIES OF INTEREST
InfoSec Community
IT Community
Business Community
12 CATEGORIES OF THREAT
Technological obsolescence - outdated tech
Technical hardware failures or errors - equipment failure
Sabotage or vandalism - info destruction
Human error or failure - staff mistake
Espionage or trespass - unauthorized access
Compromises to intellectual property - piracy
Deviations in quality of service - WAN service problems
Forces of nature - flood
Information extortion - blackmail
Software attacks - viruses, denial of service
Technical software failures or errors - bugs, code problems
Theft - illegal confiscation of equipment or information
Key characteristics of information that make it valuable to an organization
CIA Triangle
Integrity - when it is exposed
Availability - format, authorized users
Confidentiality - limiting access, steps{5}
-Updated:
Privacy - purpose of usage, information aggregation
Identification - characteristic of identification
Authentication - control, process, establishes
Authorization - process, define user, authorized, authority
Accountability - control, provide assurance, attributed
Principles Of InfoSec Management
Planning - IR, BC, DR, Policy, Personnel, Tech rollout, Risk Management, Sec Program
Policy - general (Enterprise Sec Policy), issue-specific sec policy (ISSP), system-specific policies (SSSPs)
Program - SETA, risk management program, contingency program
Protection
People
Project Management - identify & control resources
Management & Leadership
process of achieving objectives by appropriately applying a given set of resources
Manager Role
Decisional Role - collect, process, use info
Interpersonal Role - interaction
Decisional Role - decide final alternative approach, resolve conflict
Behavioral Types of Leaders
Autocratic
Democratic
Laissez-Faire
Management Characteristics
Popular management theory (POLC)
uses the principles of
Planning - goals, objectives, strategies, plans; 3 levels: strategic, tactical, operational
Organizing - structure, human resources, human management
Leading - motivation, leadership, communication, individual and group behavior
Controlling - standard, measurement, comparison, action
Traditional management theory (POSDC)
uses the principles of
Planning
Organizing
Staffing
Directing
Controlling