Information Security Management Practices

Previous page
Table of content
Next page

Several common information security management practices are introduced here and described in greater detail in other chapters (conveniently cross-referenced, of course!).

Outsourcing

Many IT functions (particularly call center support and application development) are commonly outsourced today. Information security policies and procedures must address outsourcing security and the use of vendors or consultants, when appropriate. Access control, maintenance hooks, and service level agreements are good examples of outsourcing security considerations.

Internal Service Level Agreements (SLAs)

Service Level Agreements (SLAs) establish minimum performance standards for a system, application, network, or service. An organization establishes internal SLAs to provide its end-users with a realistic expectation of its information systems and services. For example, a help desk SLA might prioritize incidents as 1, 2, 3, or 4, and establish SLA response times of 10 minutes, 1 hour, 4 hours, and 24 hours, respectively.

 Cross-Reference   See chapter 7 for more on Service Level Agreements.

Identity management

Identity management is accomplished through account provisioning and deprovisioning (creating and disabling user accounts), access control, and directory services. Its purpose is to identify a subject or object (see “Uncovering Concepts of Access Control” in Chapter 4) within an application, system, or network.

A Public Key Infrastructure (PKI) is an example of the part of an identity management system that is associated with digital certificates to facilitate authentication, non-repudiation, and access control.

 Cross-Reference   See Chapter 4 for more on identity management.

Certification and accreditation

Certification is the formal evaluation of a system that involves comprehensive testing and documentation of the system and its information security safeguards.

Accreditation is management’s official written acceptance and approval of a specific system certification in a specific operating environment.

 Cross-Reference   See Chapters 7 and 9 for more on certification and accreditation.



Previous page
Table of content
Next page
CISSP For Dummies
CISSP For Dummies
ISBN: 0470537914
EAN: 2147483647
Year: 2004
Pages: 242
Authors: Lawrence C. Miller, Peter H. Gregory CISA CISSP
BUY ON AMAZON
Java I/O
ERP and Data Warehousing in Organizations: Issues and Challenges
SQL Hacks
Postfix: The Definitive Guide
Mapping Hacks: Tips & Tools for Electronic Cartography
Information Dashboard Design: The Effective Visual Communication of Data
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy