Session 3 - Information Security BW PDF
Security Policies, Standards, and/or Guidelines
Rikki S. Dewangga, MSi. AK., CISA., PMP.
InfoSecPol
IT Audit Methodologies
CobiT (www.isaca.org)
BS 7799 - Code of Practice (CoP) (www.bsi.org.uk/disc/)
BSI - IT baseline protection manual (www.bsi.bund.de/gshb/english/menue.htm)
ITSEC (www.itsec.gov.uk)
Common Criteria (CC) (csrc.nist.gov/cc/)
ITIL overview
[Figure: ITIL overview diagram. Panels: Service Management, The Business Perspective, Service Support, Service Delivery, ICT Infrastructure Management, Security Management, Applications Management. Side labels: The Business, The Technology.]
[Figure labels. Methodologies: CobiT, BS 7799, BSI, ITSEC. Criteria: ease of use, certifiability, update frequency, applicability in practice, efficiency, presentation of results, adaptability, extent of scope.]
5.1. Importance of Information Security Management
5.1.1. Key Elements of Information Security Management
Organization
5.1.2. Information Security Management Roles and Responsibilities
5.1.3. Information Asset Inventories
5.1.4. Classification of Information Assets
5.1.5. System Access Permissions
Logically or physically based
Need-to-know basis
Four IT layers of security provided for networks
Access to information resources
Access Capabilities
Reviews of access authorization
5.1.6. Mandatory and Discretionary Access Controls
Mandatory
Discretionary
- Enforces data-owner-defined sharing of information resources.
5.1.8. Critical success factors to information security management
5.1.9. Information security and External Parties
5.1.10. Human Resources Security and Third Parties
Screening
Terms and Conditions of Employment
During Employment
Termination or Change of Employment
Removal of Access Rights
5.1.11. Computer crime issues and exposures
5.1.11. Computer crime issues and exposures (Cont.)
Computer crime vs. computer abuse
Crime depending on statistics of the jurisdiction
Civil offense vs. criminal offense
5.1.11. Computer crime issues and exposures (Cont.)
Thank You
Q&A