Section 2: Security Management Concepts Flashcards
Code of Ethics Canons
Protect society, the common good, necessary public trust and confidence, and the infrastructure
Act honorably, honestly, justly, responsibly, and legally
Provide diligent and competent service to principals
Advance and protect the profession
Who must define the security policies for the business?
Senior management
Strategic Plan
Outlines the long-term business goals and objectives over a 3-5 year period, but is updated annually
Tactical Plan
Outlines the mid-range goals and objectives to meet the strategic plan over a 1-year period
Operational Plan
Outlines the short-range goals and objectives to meet the tactical and strategic plan objectives over the next 1-3 months
Security Manager
Responsible for developing and managing a security program and the personnel involved
Security Officer
Responsible for implementing and maintaining the information security strategy or program
Security Analyst
Detect, analyze, and respond to security threats and attacks
Security Engineer
Design, test, and implement security solutions
Data Owner
Responsible for the classification and protection of their data
Data Custodian
Responsible for implementing data protection
Data Steward
Provide subject matter expertise for specific data
Administrator
Responsible for implementing and maintaining the information system (privileged)
Auditor
Responsible for auditing compliance with security policy
User
A subject with access to the information system