What are the 3 groups/communities of interest involved in information security decisions?
What’s the role of management?
To ensure that security strategies are properly planned and controlled.
What’s management?
The process of achieving objectives using a given set of available resources.
What’s a manager?
A manager is someone assigned to administer resources and coordinate tasks in order to achieve objectives.
What are the 3 managerial roles?
What’s the difference between leadership and management?
– A leader influences employees to accomplish objectives, leading by example.
– A manager is assigned to administer resources and coordinate tasks in order to achieve objectives.
3 behavioral types of leaders:
– Autocratic: makes decisions alone, taking no account of other people’s wishes or opinions.
– Democratic: takes others’ wishes and opinions into consideration before deciding.
– Laissez-faire: leaves others to direct their own work with minimal intervention.
2 basic approaches to management are:
– Traditional management theory (POSDC): Planning, Organizing, Staffing, Directing, Controlling.
– Popular management theory (POLC): Planning, Organizing, Leading, Controlling; it puts more emphasis on leading than on directing.
3 categories of planning:
– Strategic planning: long-term, 5+ years.
– Tactical planning: 1 to 5 years.
– Operational planning: day-to-day operations.
What’s “Governance”?
The set of responsibilities and practices exercised by the board and executive management to provide strategic direction, ensure that objectives are achieved, make sure risks are managed appropriately, and verify that resources are used responsibly.
5 steps to solving problems:
The unique functions of information security management are known as the six P’s:
– Planning
– Policy
– Programs
– Protection
– People
– Project Management
“Policy” is:
A set of organizational guidelines that dictates certain behavior within the organization.
3 general categories of policy:
– Enterprise information security policy (EISP).
– Issue-specific security policy (ISSP).
– System-specific security policies (SysSPs).
3 examples of the many InfoSec plans are:
– incident response planning.
– disaster recovery planning.
– risk management planning.