Chapter 5. Information System Security Management
IN THIS CHAPTER
Understanding security policies, standards, guidelines, and procedures
Conducting security awareness training
Managing the technical effort
Developing business continuity and disaster recovery plans
Implementing physical security
Understanding legal and liability issues
Information system security management comprises a variety of techniques that can significantly reduce the risk of compromise to confidentiality, integrity, and availability of information systems. Management tools and techniques, although not as glamorous as high-tech approaches, can be highly effective in implementing and maintaining information system security at a reasonable cost. Such tools include security policies, vacation scheduling, employee background checks, awareness training, and contingency planning. These controls focus on the "people" problem within an organization. When it comes to security, people (employees and contractors) are your greatest asset and your greatest liability.
One of the biggest people-problem threats is social engineering or human manipulation. Just as social engineering can easily help you acquire information that would require large expenditures of time and resources to obtain by technical means, information security management practices can produce significant reductions in risk at reasonable cost.
This chapter describes the tools and techniques of information system security management, including administrative procedures, ...
Get Network Security Bible, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.