RSK4801 B0 LS05 017 Mo PDF
17.1 PURPOSE
Chapters 1-8 of the online book: Gelbstein, E. 2013. Information security for non-technical managers. Available at:
https://sunsreynat.files.wordpress.com/2014/07/information-security-for-non-technical-managers.pdf.
Information security involves the use of computer systems and networks in a connected world in which many people have computers and cellphones with access to the internet. Many users also have sufficient knowledge of computers and software technology to be able to disrupt and cause harm in cyberspace. This chapter of the textbook covers
- a short history of information technologies, its side effects and unintended consequences
- the importance of information security and information technology security
- the pervasiveness and dependencies of information technologies
Read sections 1.1 to 1.3 in chapter 1 – Information security in context.
One of the many challenges of managing information security in the corporate world is scale. Small organisations may not have access to the skills and experience to implement many of the recommended practices. Very large organisations that have various locations may lack a coordinated and customised approach and have to rely on bureaucratic procedures and rules. Each approach should incorporate the circumstances at a specific organisation and be part of information security governance. This chapter covers
- the semantics of information security – how ambiguity in the language of information security leads to misunderstandings and confusion
- the primary information security target areas – crime, critical infrastructures, government, the military and individuals
- how so many organisations are unprepared despite the availability of standards, guidelines and good practices
- organisational, professional and international certifications
- asymmetries and consequences – the asymmetric nature of what has become a war of attrition
- how maintaining security is everybody's responsibility
Read sections 2.1 to 2.6 in chapter 2 – Lessons identified in the last ten years.
The terminology regarding cyberspace is ambiguous and can lead to misunderstandings and confusion. Many basic terms have
disputed definitions and spelling. The same is true for the concepts of information security and information technology
security. This chapter covers
Society operates on the basis of trust, which represents a belief in the honesty, fairness and goodwill of all parties concerned.
The loss of trust in cyberspace led to the development of standards, good practices, guidelines, information security policies,
legislation and other measures considered necessary for the protection of information assets. Achieving a satisfactory level
of information security requires leadership and proper management. This chapter covers
Read sections 4.1 to 4.5 in chapter 4 – Managing information security in the enterprise.
Security professionals and senior management have different perceptions of the importance of information security and this
results in limited dialogue and weak governance. Many organisations, therefore, are not well prepared to respond to a security
incident. Complete information security is unachievable, as it would require the four components (i.e. governance, people,
processes and technology) on which it relies to be perfect. This chapter covers
Information security has become a stable and recognised profession, but it is not regulated and anyone can be a practitioner.
This chapter covers
The speed of technical innovation and enthusiasm for new products work against security by design, which is largely absent
in the products on which cyberspace relies. This is in contrast to the safety industry, where an accident is thoroughly
investigated to discover its root cause, which is then removed by design. This chapter covers
Understanding and quantifying the impact of security events on an organisation are fundamentally important to ensure that
preventive and protective measures are applied where it matters most. Information security deals with uncertainty rather
than risk by targeting specific incidents and not random events. This chapter covers
17.5 ACTIVITY
17.6 REFLECTION
a. Where, in your professional life, do you think you will be able to use the skills you have learnt in this lesson?
b. What did you find difficult? Why do you think you found it difficult? Do you understand it now, or do you need more
help? What are you going to do about it?
c. What did you find interesting in this lesson? Why?
d. How long did it take you to work through the chapters for this lesson? Are you still on schedule, or do you need to adjust your study programme?
e. How do you feel now?