tailieunhanh - Lecture Note Professional practices in information technology - Lecture No. 30: Information Security (Cont’d)

Lecture Note Professional practices in information technology - Lecture No. 30: Information Security (Cont’d). After studying this chapter you will be able to understand: Organizational structures, roles and responsibilities, information classification, risk management. | Professional Practices in Information Technology HandBook COMSATS Institute of Information Technology (Virtual Campus) Islamabad, Pakistan Lecture 30 Information Security (Cont’d) Overview Organizational Structures Roles and Responsibilities Information Classification Risk Management Organizational Structure Organization of and official responsibilities for security vary – BoD, CEO, BoD Committee – Director, Manager IT/IS Security Audit Typical Organizational Chart Figure : Typical Organizational Chart Security-Oriented Org Chart Figure : Security-Oriented Org Chart Further Separation Figure : Further Separation Organizational Structure Audit should be separate from implementation and operations – Independence is not compromised Responsibilities for security should be defined in job descriptions Senior management has ultimate responsibility for security Security officers/managers have functional responsibility Roles and Responsibilities Best Practices: – Least Privilege – Mandatory Vacations – Job Rotation – Separation of Duties Owners – Determine security requirements Custodians – Manage security based on requirements Users – Access as allowed by security requirements Information Classification – Not all information has thesame value – Need to evaluate value based on CIA – Value determines protection level – Protection levels determine procedures – Labeling informs users on handling Government classifications: – Top Secret – Secret – Confidential – Sensitive but Unclassified Private Sector classifications: – Confidential – Private – Sensitive – Public Criteria: – Value – Age – Useful Life – Personal Association Risk Management Risk Management is identifying, evaluating, and mitigating risk to an organization – It’s a cyclical, continuous process – Need to know what you have – Need to know what threats are likely – Need to know how and how well it is protected – Need to know where the gaps are Identification Assets Threats – Threat-sources: man-made, natural Vulnerabilities – Weakness Controls – Safeguard Professional Practices in Information Technology CSC 110

• Chứng chỉ quốc tế
• Information technology
• Professional practices in information technology
• Business data
• Computer technology
• Infomation Technology
• English for Infomation Technology
• Ebook Oxford English for Infomation Technology
• Computer users
• Computer architecture
• Computer applications
• Global journal of computer science
• Global journal of computer science and technology
• Information & technology
• GIS based fire emergency response system
• PhD thesis Computer science and technology
• Optical communication
• Computer science and electronic engineering
• Computer science and technology
• Detection optical OFDM system
• Optical OFDM
• World Wide Web
• Ethical Hacking
• Computer concepts
• Computer concepts in action
• Lecture Computer concepts in action
• Technology in your life
• Computer safely
• Windows desktop
• Computer security ethics
• computer assembly
• computer installation
• computer history
• computer manufacturing technology
• personal computer history
• NATURAL LANGUAGE
• COMPUTER INTEBFACE DESIGN MURRAY TUROFF DEPARTMENT OF COMPUTER
• IiVFORMATION SCIENCE IIEW JERSEY INSTITUTE OF TECHNOLOGY
• scientific reports
• model language
• process natural language
• Professional ethics
• Ebook Integrating technology into the curriculum
• Integrating technology
• Assessing project based learning
• Manage your classroom using technology
• Computer troubleshooting
• Obtain funding for technology integration
• Lectures Computer architecture
• Computer Abstractions and Technology
• Instructions Language of the Computer
• Arithmetic for Computers
• Lecture Using information technology
• Mobile world
• Personal devices
• Personal technology
• Oxford English for Information technology
• Operating systems
• Graphical user interfaces
• curriculum
• computer programming
• programming language
• Information communications technology
• human computer interaction
• computer use
• computer tips
• network management
• programming
• design
• computer information technology
• Microsoft Project 2003
• Representing data electronically
• Central processing unit
• Input hardware
• Output hardware
• Wireless data
• Privacy issues
• Big data
• Information systems
• Communications systems
• Protecting computers
• Software development
• Programming languages
• Business driven technology
• Lecture Business driven technology
• Technology plug in
• Business plug ins
• Information privacy policy
• Ethical computer use policy
• Cashless society
• Types of microcomputers
• Connecting to the internet
• Social networking