bcs-ismp-bk-en-GB March 30, 2010 - 08:51 116
Information Security Management Principles
None of these products are of much use unless they are kept up to date.
Many new items of malware are identified every day. The application and
product providers issue regular updates to the signature files and sometimes
to the scanning engines themselves. The same approach as for patching is
required: download the updates and install them promptly to benefit from
the protection they offer against new threats. Good products are capable of
automatically distributing updates across the network to all clients, saving
time and resources.
The officers of GANT have decided that they need to establish a better means
of communicating among themselves and with the members of the society.
Some members report that they have been the targeted by persons sending
them malware in emails or attempting to extract data about toad populations.
The officers have no knowledge of this area of computing and need advice
on how to protect their systems, at home and in the GANT office, against
malware.
The loss or unauthorised disclosure of sensitive membership or toad pop-
ulation data would be embarrassing and potentially harmful to human and
amphibian alike.
Activity 4.1
What advice would you give to the society with regard to the counter-
measures they need in order to provide an adequate level of protection
from malware?
PEOPLE
LEARNING OUTCOMES
Information Assurance is a lot more than just a series of technical counter-
measures. It is as much about the people as it is anything else. They have to
be educated, motivated and appropriately regulated. The intention of this
section is to provide the reader with the basic knowledge to understand how
people and organisations should be managed within a culture of assurance.
Security culture within organisations
The most sophisticated Information Assurance system on the planet is worth-
less if the people, whose data it is designed to protect, are not security con-
scious. They need to be made aware of the dangers, how relevant they are
to them and their data, and how to use the systems to make sure that the
96

Get Information Security Management Principles now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.