There are different schools of thought about the number of phases during a project. Projects are big and small, with constraints like cost, time and resources.

Reekash Thapar
Risk Management Principles of Information Security
Chapter 2: Planning for Security

Chapter Overview

In general, a successful organization depends on proper organizational planning. In a setting where there are continual constraints on resources, both human and financial, good planning enables an organization to make the most out of the resources at hand.

In this chapter, the reader will come to recognize the importance of planning and learn the principal components of organizational planning, as well as gain an understanding of the principal components of information security management and of system implementation planning as it functions within the organizational planning scheme.

Planning usually involves groups and organizational processes internal or external to the organization. They can include employees, stockholders, other outside stakeholders, the physical environment, the [...]

Chapter Objectives

When you complete this chapter, you will be able to:

Introduction

The major components of a strategic plan include the vision statement, mission statement, strategy, and a series of hierarchical and departmental plans. Developing the organizational plan for information security depends upon the same planning process.

Since the information security community of interest seeks to influence the broader community in which it operates, the effective information security planner should know how the organizational planning process works so that participation in the process can yield meaningful results.

Planning, the dominant means of managing resources in modern organizations, is the enumeration of a sequence of action steps intended to achieve specific goals, followed by control of the implementation of those steps.

This is accomplished with a process that begins with the general and ends with the specific.

Mission

The mission statement explicitly declares the business of the organization, as well as its intended areas of operations.

Sample mission statement excerpt (Company X information security department): [...] that apply to the entire organization as well as external information systems in [...] The focal point for all matters related to information security, this Department is ultimately responsible for all endeavors within Company X that seek to avoid, prevent, detect, correct, or [...]

The mission statement must explain what the organization does and for whom.

Vision

In contrast to the mission statement, which [...]

Sample vision statement (Random Widget Works, Inc.): [...]

Vision statements therefore should be ambitious; after all, they are meant to express the aspirations of the organization and to serve as a means for visualizing its future.

Values

By establishing a formal set of organizational principles, standards, and qualities in a values statement, as well as benchmarks for measuring behavior against these published values, an organization makes its conduct and performance standards clear to its employees and the public.

Microsoft has a formal employee values statement published on its Web site. Sample values statement (Random Widget Works, Inc.): RWW values commitment, honesty, integrity and social responsibility among its employees, and is committed to providing its services in harmony with its corporate, social, legal and natural environments.

The mission, vision, and values statements together provide the philosophical foundation for planning, and also guide the creation of the strategic plan.

Strategy

Strategy, or strategic planning, is the basis for long-term direction for the organization.

Strategic planning in general guides organizational efforts, and focuses resources toward specific, clearly defined goals, in the midst of an ever-changing environment.

However, in order to execute this broad strategy and turn the statement into action, the executive team must first define individual responsibilities. Each level of each division then translates those objectives into more specific objectives for the level below.

Strategic planning then begins a transformation from general, sweeping statements toward more specific and applied objectives. Tactical planning has a shorter focus than strategic planning, usually one to three years. Tactical planning breaks down each applicable strategic goal into a series of incremental objectives.

Information security, therefore, is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.

But to protect the information and its related systems from danger, tools, such as policy, awareness, [...]

All communications must pass through the firewall.

The effectiveness of the firewall is greatly reduced if an alternative network routing path is available; unauthorized traffic can be sent through a different network path, bypassing the control of the firewall.
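The bypass condition above can be checked mechanically against a topology model: if the untrusted zone can still reach the trusted zone once the firewall node is removed from the graph, the firewall is not a true choke point. The following is an added example written for this page, not code from the book or the course; the network, its node names, and the stray "dsl-backup" link are constructed for illustration.

```python
"""Check that a firewall is a real choke point between two network zones.

Added example: the network is modelled as an undirected graph of routing
adjacencies. We delete the firewall node and search for any remaining path
from the untrusted zone to the trusted zone. A path found this way is
exactly the "alternative network routing path" that lets traffic bypass
the firewall. The topology and host names below are constructed, not real.
"""
from collections import deque


def find_bypass_path(adjacency, sources, targets, firewall):
    """Return a route from any source to any target that avoids `firewall`,
    or None if every such route must cross it.

    Breadth-first search over the graph with the firewall node removed;
    the parent map lets us rebuild the offending path for the report.
    """
    targets = set(targets)
    for src in sources:
        if src == firewall:
            continue
        parent = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node in targets:
                path = []
                while node is not None:
                    path.append(node)
                    node = parent[node]
                return path[::-1]
            for nxt in adjacency.get(node, ()):
                if nxt == firewall or nxt in parent:
                    continue
                parent[nxt] = node
                queue.append(nxt)
    return None


# Constructed topology (assumed names). The edge router should reach the
# inside only through "fw", but a forgotten "dsl-backup" link joins it
# directly to the core switch, so a second route exists.
TOPOLOGY = {
    "internet": ["edge-rtr"],
    "edge-rtr": ["internet", "fw", "dsl-backup"],
    "fw": ["edge-rtr", "core-sw"],
    "dsl-backup": ["edge-rtr", "core-sw"],
    "core-sw": ["fw", "dsl-backup", "db-server"],
    "db-server": ["core-sw"],
}


def fixed_topology():
    """Same network with the stray backup link removed."""
    fixed = {k: [n for n in v if n != "dsl-backup"] for k, v in TOPOLOGY.items()}
    del fixed["dsl-backup"]
    return fixed


if __name__ == "__main__":
    bad = find_bypass_path(TOPOLOGY, ["internet"], ["db-server"], "fw")
    print("bypass path:", " -> ".join(bad) if bad else "none")
    good = find_bypass_path(fixed_topology(), ["internet"], ["db-server"], "fw")
    print("after removing backup link:", " -> ".join(good) if good else "none")
```

In a real assessment the adjacency map would be built from routing tables or a network discovery export; the check itself stays the same, and it should be rerun whenever a link is added, since a single out-of-band or backup circuit is enough to turn the firewall into an optional hop.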

Unit II: THE NEED FOR SECURITY

Dealing with technology designed to operate at high levels of performance
Specific conditions

Learning objective: Upon completion of this chapter you should be able to:
– Understand the business need for information security.

What is the primary objective of the SecSDLC? What are its major steps, and what are the major objectives of each step?

Answer: The SecSDLC is a methodology used to create a comprehensive security posture. Its major steps:

1) Investigation - Often begins as a directive from management specifying the process, outcomes, and goals of the project and its budget.

