Csds

Introduction

Information security means protecting information and information system from unauthorized access, use, disclosure, disruption, modification, or destruction.

Security Program

The first action of a management program to implement information security is to have a security program in place. Though some argue the first act would be to gain some real “proof of concept” and “explainable thru display on the monitor screen” security knowledge. Start with maybe understanding where OS passwords are stored within the code inside a file within a directory. If you don’t understand Operating Systems at the root directory level maybe you should seek out advice from somebody who does before even beginning to implement security program management and objectives.

Security Program objectives

* Protect the company and its assets

* Manage Risks by Identifying assets, discovering threats and estimating the risk

* Provide direction for security activities by framing of information security policies, procedures, standards, guidelines and baselines

* Information Classification

* Security Organization and

* Security Education

Security Management Responsibilities

* Determining objectives, scope, policies, priorities, standards, and strategies

* Determine actual goals that are expected to be accomplished from a security program

* Evaluate business objectives, security risks, user productivity, and functionality requirements.

* Define steps to ensure that all of the above are accounted for and property addressed

Approaches to Build a Security Program

* Top-Down Approach

* The initiation, support, and direction comes from the top management and work their way through middle management and then to staff members.

* Treated as the best approach but seems to based on the I get paid more therefore I must know more about everything type of mentality.

* Ensure that he senior management who are ultimately responsible for...