ETHICS & INFORMATION SECURITY ISSUES
Part 2
LEARNING OBJECTIVES
• Ethics
• Information Ethics
• Developing Information Management Policies
• Ethics in the Workplace
• Information Security
• Protecting Intellectual Assets
• The First Line of Defense - People
• The Second Line of Defense - Technology
Introduction
• Information technology is critical to business and society
• Computer security is evolving into information security
• Information security is the responsibility of every member of an organization, but managers play a critical role
Introduction
• Information security involves three distinct communities of interest:
• Information security managers and professionals
• Information technology managers and professionals
• Non-technical business managers and professionals
Communities of Interest
• InfoSec community: protect information assets from threats
• IT community: support business objectives by supplying appropriate information technology
• Business community: policy and resources
What Is Security?
• “The quality or state of being secure—to be free from danger”
• Security is achieved using several strategies simultaneously
Specialized Areas of Security
• Physical security
• Personal security
• Operations security
• Communications security
• Network security
• Information Security (InfoSec)
• Computer Security
Information Security
• InfoSec includes information security management, computer security, data security, and network security
• Policy is central to all information security efforts
Components of Information Security
CIA Triangle
• The C.I.A. triangle is made up of:
• Confidentiality
• Integrity
• Availability
• Over time the list of characteristics has expanded, but these three remain central
Figure 1-2 NSTISSC Security Model
Key Concepts of Information Security
• Confidentiality
• Confidentiality of information ensures that only those with sufficient privileges may access certain information
• To protect confidentiality of information, a number of measures may be used including:
• Information classification
• Secure document storage
• Application of general security policies
• Education of information custodians and end users
Key Concepts of Information Security
• Integrity
• Integrity is the quality or state of being whole, complete, and uncorrupted
• The integrity of information is threatened when it is exposed to corruption, damage, destruction, or other disruption of its authentic state
• Corruption can occur while information is being compiled, stored, or transmitted
Key Concepts of Information Security
• Availability
• Availability means making information accessible to users, in the required format, without interference or obstruction
• A user in this definition may be either a person or another computer system
• Availability means availability to authorized users
Key Concepts of Information Security
• Privacy
• Information is to be used only for purposes known to the data owner
• This does not focus on freedom from observation, but rather that information will be used only in ways known to the owner
Key Concepts of Information Security
• Identification
• Information systems possess the characteristic of identification when they are able to recognize individual users
• Identification and authentication are essential to establishing the level of access or authorization that an individual is granted
Key Concepts of Information Security
• Authentication
• Authentication occurs when a control provides proof that a user possesses the identity that he or she claims
Key Concepts of Information Security
• Authorization
• After the identity of a user is authenticated, a process called authorization provides assurance that the user (whether a person or a computer) has been specifically and explicitly authorized by the proper authority to access, update, or delete the contents of an information asset
Key Concepts of Information Security
• Accountability
• The characteristic of accountability exists when a control provides assurance that every activity undertaken can be attributed to a named person or automated process
What Is Management?
• A process of achieving objectives using a given set of resources
• To manage the information security process, first understand core principles of management
• A manager is “someone who works with and through other people by coordinating their work activities in order to accomplish organizational goals”
Managerial Roles
• Informational role: Collecting, processing, and using information to achieve the objective
• Interpersonal role: Interacting with superiors, subordinates, outside stakeholders, and other
• Decisional role: Selecting from alternative approaches and resolving conflicts, dilemmas, or challenges
Differences Between Leadership and Management
• The leader influences employees so that they are willing to accomplish objectives
• He or she is expected to lead by example and demonstrate personal traits that instill a desire in others to follow
• Leadership provides purpose, direction, and motivation to those that follow
• A manager administers the resources of the organization by:
• Creating budgets
• Authorizing expenditures
• Hiring employees
• A manager can also be a leader.
Characteristics of a Leader
1. Bearing
2. Courage
3. Decisiveness
4. Dependability
5. Endurance
6. Enthusiasm
7. Initiative
8. Integrity
9. Judgment
10. Justice
11. Knowledge
12. Loyalty
13. Tact
14. Unselfishness
What Makes a Good Leader?
• Action plan for improvement of leadership abilities
1. Knows and seeks self-improvement
2. Be technically and tactically proficient
3. Seek responsibility and take responsibility for your actions
4. Make sound and timely decisions
5. Set the example
6. Knows [subordinates] and looks out for their well-being
What Makes a Good Leader? (Continued)
• Action plan for improvement of leadership abilities
7. Keeps subordinates informed
8. Develops a sense of responsibility in subordinates
9. Ensures the task is understood, supervised, and accomplished
10. Builds the team
11. Employs a team in accordance with its capabilities
Behavioral Types of Leaders
• Three basic behavioral types of leaders:
• Autocratic – action-oriented, “Do as I say”
• Democratic – action-oriented and likely to be less efficient
• Laissez-faire – laid-back.
Characteristics of Management
• Two well-known approaches to management:
• Traditional management theory using principles of planning, organizing, staffing, directing, and controlling (POSDC)
• Popular management theory categorizes principles of management into planning, organizing, leading, and controlling (POLC)
Planning
• Planning: process that develops, creates, and implements strategies for the accomplishment of objectives
• Three levels of planning:
• Strategic – occurs at highest level of organization
• Tactical – focuses on production planning and integrates organizational resources
• Operational – focuses on day-to-day operations of local resources
Planning (Continued)
• In general, planning begins with the strategic plan for the whole organization
• To do this successfully, the organization must thoroughly define its goals and objectives
Organization
• Organization: a principle of management dedicated to the structuring of resources to support the accomplishment of objectives
• Organizing tasks requires determining:
• What is to be done
• In what order
• By whom
• By which methods
• When
Leadership
• Encourages the implementation of the planning and organizing functions, including supervising employee behavior, performance, attendance, and attitude
• Leadership generally addresses the direction and motivation of the human resource
Control
• Control:
• Monitoring progress toward completion
• Making necessary adjustments to achieve the desired objectives
• The controlling function determines what must be monitored, as well as using specific control tools to gather and evaluate information
Solving Problems
• All managers face problems that must be solved.
• Step 1: Recognize and Define the Problem
• Step 2: Gather Facts and Make Assumptions
• Step 3: Develop Possible Solutions
• Step 4: Analyze and Compare the Possible Solutions
• Step 5: Select, Implement, and Evaluate a Solution
Principles Of Information Security Management
• Information security management is part of the organizational management team.
• The extended characteristics of information security are known as the six Ps:
• Planning
• Policy
• Programs
• Protection
• People
• Project Management
InfoSec Planning
• Planning as part of InfoSec management is an extension of the basic planning model.
• Included in the InfoSec planning model are activities necessary to support the design, creation, and implementation of information security strategies as they exist within the IT planning environment
InfoSec Planning Types
• Several types of InfoSec plans exist:
• Incident response
• Business continuity
• Disaster recovery
• Policy
• Personnel
• Technology rollout
• Risk management
• Security program, including education, training and awareness
Policy
• Policy: set of organizational guidelines that dictates certain behavior within the organization
• In InfoSec, there are three general categories of policy:
• General program policy (Enterprise Security Policy)
• An issue-specific security policy (ISSP)
• System-specific policies (SSSPs)
Programs
• Programs: specific entities managed in the information security domain
• A security education training and awareness (SETA) program is one such entity
• Other programs that may emerge include a physical security program, complete with fire, physical access, gates, guards, and so on
Protection
• Risk management activities, including risk assessment and control, as well as protection mechanisms, technologies, and tools
• Each of these mechanisms represents some aspect of the management of specific controls in the overall information security plan
People
• People are the most critical link in the information security program
• It is imperative that managers continuously recognize the crucial role that people play
• Including information security personnel and the security of personnel, as well as aspects of the SETA program
Project Management
• Project management discipline should be present throughout all elements of the information security program
• Involves
• Identifying and controlling the resources applied to the project
• Measuring progress and adjusting the process as progress is made toward the goal