introduction to security management


1. 1.1 SECURITY MANAGEMENT IN AN ORGANIZATION

1.1. Security management in an organization

1.1.1. is the identification of an organization's assets (including information assets), followed by

1.1.1.1. the development, documentation, and implementation of policies and procedures for protecting these assets.

1.2. Information security management

1.2.1. Confidentiality

1.2.1.1. a set of rules or a promise usually executed through confidentiality agreements that limits access or places restrictions on certain types of information.

1.2.2. asset

1.2.2.1. is any resource owned or controlled by a business or other economic entity.

1.2.3. threat

1.2.3.1. is a potential negative action or event, facilitated by a vulnerability, that results in an unwanted impact on a computer system or application.

1.2.4. vulnerability

1.2.4.1. is a weakness that can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system.

1.3. Best practice information security

1.3.1. Security Policy

1.3.1.1. organizations are encouraged to have their own policies, procedures and structures; internal training and certification schemes can be created or adopted for individuals to support these internal standards.

1.3.2. End User Acceptable Use Guidelines

1.3.2.1. Your policy should contain specific language detailing what employees can do with "your" workstations.

1.3.2.2. While we hope that all company property is used for company purposes, this just isn’t the case in real life.

1.3.3. Vendor Management

1.3.3.1. You're only as strong as your weakest link, and when you work with third-party providers, their information security failures can become your issue.

1.3.3.2. Make sure you document which vendors receive confidential information and how this information is treated while in the custody of the vendor.

1.3.4. Physical Security

1.3.4.1. the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution.

1.3.4.2. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.

1.3.4.3. Ensure that your policy documents how physical information is stored and destroyed.

1.3.5. Password Requirements and Guidelines

1.3.5.1. Employees dread having another password to remember.

1.3.5.2. The more complicated the requirements you impose to ensure security, the more likely employees are to write passwords down and expose them to others.

1.3.6. Wireless Networking

1.3.6.1. a method by which homes, telecommunications networks and enterprise (business) installations avoid the costly process of introducing cables into a building, or connect various equipment locations.

1.3.6.2. When deciding what type of network connectivity to adopt, understand that the increased flexibility allowed by wireless requires a stronger encryption standard to ensure there is no abuse.

1.3.7. Employee Awareness Training

1.3.7.1. Each and every one of your employees can act as a member of your own security army with some simple training.

1.3.7.2. The first step in recruiting them for the cause is to set the expectations appropriately and communicate those expectations in your policy.

2. 1.2 ORGANIZATION PRINCIPLE

2.1. Logical division of work

2.2. Clear lines of authority & responsibility

2.3. Span of control

2.4. Unity of command

2.5. Responsibility, authority & accountability

3. 1.3 EDUCATION & AWARENESS IN THE ORGANIZATION

3.1. The Risk of Poor Information Security Management

3.1.1. Poor information security management opens the organization to a host of risks, both internal and external.

3.1.2. Examples of internal threats include leakage of sensitive data, theft, legal liability, and corruption of data

3.1.3. External threats include natural disasters, spyware, viruses, worms, and Trojan programs.

3.2. OBJECTIVE EDUCATION AWARENESS

3.2.1. Provide appropriate awareness and training on information security to help protect the organization's IT resources, including data, networks and services.

3.2.2. Educate employees about the risks and benefits of security policies.

3.2.3. Give information about risks and prevention techniques.

3.2.4. Deal with problems like viruses, threats, spyware, intruders and hacking attempts.

3.3. HOW TO IMPROVE YOUR INFORMATION SECURITY

3.3.1. Support cyber security staff

3.3.2. Conduct annual staff awareness training

3.3.3. Prioritize risk assessments

3.3.4. Regularly review policies and procedures

3.3.5. Assess and improve

3.4. EDUCATION AWARENESS

3.4.1. Management awareness

3.4.2. Technology trap

3.4.3. Awareness of end users