Security Management Flashcards
Security Management
Security management is primarily concerned with strategic-level activities that influence the operation of systems and the behaviour of employees.
Security management involves several key activities, including:
- Executive oversight
- Governance
- Policy, guidelines, standards, and procedures
- Roles and responsibilities
- Service level agreements
- Secure outsourcing
- Certification and accreditation
- Internal audit
Security Executive Oversight
The support and oversight by executives of security-related activities is vital to the viability of a security program in an organisation.
Several activities are related to this oversight:
- Support of policies
- Allocation of resources
- Support of risk management
Security Governance
The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise's resources are used responsibly.
Policies
Security policies describe constraints on the behaviour of an organisation's personnel as well as the acceptable use of its information systems, data and other resources.
They specify the activities that are required, limited or forbidden in an organisation.
ISO/IEC 27002:2013
Information technology - Security techniques - Code of practice for information security controls is a well-known framework on which an organisation can build its security policy. Note that ISO/IEC 27002 is guidance on controls and is not itself certifiable; an organisation is certified against the management system requirements of ISO/IEC 27001, which reference the 27002 controls.
Requirements
Requirements describe the characteristics that an information system or business process must have. Security requirements should be derived from, and reflect, the security policy.
Guidelines
Guidelines provide information on how policy can be implemented.
Standards
Statements that specify what shall be used to support security policies and guidelines.
Typically standards will comprise:
- Product standards
- Process standards
- Technology standards
- Reference configurations
- Reference architectures
Standards are expected to change far more frequently than policies and guidelines, because they are tied to specific products and technologies.
Procedures
The instructions that specify how tasks are to be performed.
The purpose of a procedure is to ensure the consistent and methodical completion of repetitive tasks.