List of Figures


Chapter 1: Understanding the Information World Environment

Figure 1.1: The OODA Loop Concept

Chapter 2: Understanding the Business and Management Environment

Figure 2.1: Business competition based on Ohmae's strategic three C's.

Chapter 3: Understanding Today's Threats to Information Assets

Figure 3.1: The components of the natural threat agents.
Figure 3.2: The threat components and their relationships.
Figure 3.3: The components of the malicious threat agent.
Figure 3.4: The components of capability.
Figure 3.5: The components of inhibitors.
Figure 3.6: The components of amplifiers.
Figure 3.7: The components of catalysts.
Figure 3.8: The components of motivation.

Chapter 4: The International Widget Corporation (IWC)

Figure 4.1: The high-level organizational structure of IWC.
Figure 4.2: The structure of the IWC business plans.

Chapter 5: The ISSO's Position, Duties, and Responsibilities

Figure 5.1: The integrated structure of IWC's vision, mission, and quality statements, indicating how they are to support each other.

Chapter 6: The Infosec Strategic, Tactical, and Annual Plans

Figure 6.1: The logical process flow of plans and InfoSec plans' integration into the IWC flow.
Figure 6.2: A sample mapping of an IWC strategic goal to the ISSSP goals.
Figure 6.3: An example of mapping from the IWC Strategic Business Plan through the ITP in support of the IWC Tactical Business Plan.
Figure 6.4: Mapping of IAP projects to the IWC Annual Business Plan.
Figure 6.5: Matrix mapping, which can also be used to show the relationship—or lack of a relationship—between items.

Chapter 7: Establishing a CIAPP and Infosec Organization

Figure 7.1: The flow of some of the requirements as drivers through to the CIAPP processes.
Figure 7.2: The primary structure of the CIAPP organization.
Figure 7.3: A CIAPP Access Control and Compliance subordinate organization and its primary functions.
Figure 7.4: A CIAPP Policy and Risk Management subordinate organization and its primary functions.

Chapter 8: Determining and Establishing InfoSec Functions

Figure 8.1: How the process flow from drivers to action items to functions can be viewed.
Figure 8.2: The flow process of IWC's CIAPP-EATP.
Figure 8.3: A baseline approach to information systems access control at IWC.
Figure 8.4: A baseline approach to information systems access control at IWC.
Figure 8.5: An overview of InfoSec input to a System Development Life Cycle (SDLC) process.
Figure 8.6: One view of the process of InfoSec technical evaluation and testing of a product for InfoSec vulnerabilities.
Figure 8.7: Another view of an InfoSec technical evaluation process.
Figure 8.8: An overall risk management process.
Figure 8.9: An overview of the NCI function.
Figure 8.10: The NCI process where revocation of user access is a major consideration.
Figure 8.11: The IWC organization structure relating to CEP-DR.
Figure 8.12: The basic process flow of the ISSO's integration into the overall IWC CEP-DR.

Chapter 9: Establishing a Metrics Management System

Figure 9.1: An example of tracing a requirement to a specific function.
Figure 9.2: Use of a metrics chart to show how the ISSO and staff are performing their jobs in an efficient manner without a loss of quality service and support.
Figure 9.3: The number of IWC systems, a main InfoSec budget driver.
Figure 9.4: The flow of metrics charts related to the system users chart (Figure 9.2). Each box identifies a potential additional metric chart.
Figure 9.5: The total number of noncompliance inquiries conducted by month for the year 2002.
Figure 9.6: The total number of noncompliance inquiries conducted by type for the year 2002.
Figure 9.7: The total number of noncompliance inquiries conducted by each IWC department for the month of February, and the total of all departments for the period January and February 2002.
Figure 9.8: The total number of noncompliance inquiries opened per month, closed per month, and pending per month.
Figure 9.9: The average time spent in hours per noncompliance inquiry.
Figure 9.10: The total number of ST&Es conducted over the past 3 years.
Figure 9.11: The number of ST&Es conducted per location in 2002.
Figure 9.12: The ratings (Outstanding, Satisfactory, Marginal, Unsatisfactory) of ST&Es conducted within the corporate office in the year 2002.
Figure 9.13: The number of briefings given and the number of personnel per briefing.
Figure 9.14: The average number of attendees per SEATP briefing measured against the goal of at least 15 personnel per briefing.
Figure 9.15: The number of personnel briefed by IWC departments and the costs of the briefings in each department, such as lost productivity equated to dollars of time.
Figure 9.16: The costs and cost avoidance of InfoSec staff travel.
Figure 9.17: A 5-year period tracking the level of effort in hours of work of the InfoSec staff per year, per individual, compared to the hours of work that must be accomplished to support the IWC departments.
Figure 9.18: The LOE versus the hours available to do the work.
Figure 9.19: Comparison of IWC executive management requested layoff versus a counterproposal by the ISSO.
Figure 9.20: A basic project management chart that can be used to track CIAPP and InfoSec functional projects.

Chapter 10: Annual Reevaluation and Future Plans

Figure 10.1: A and B are examples of linking the InfoSec LOE and projects support to the CIAPP and IWC's goals.
Figure 10.2: An example of a matrix chart to be used to evaluate metrics charts, based on the charts' purposes.
Figure 10.3: An example of how corporate goals' InfoSec support can be visually linked to provide a simple view of InfoSec service and support functions.
Figure 10.4: An example of how vulnerabilities identified throughout the year by risk management methods, such as risk analyses and risk assessments, can be visually linked to provide a simple view of work accomplished or needed to provide a more secure IWC information environment.

Chapter 13: The Related World of Information Warfare, Information Operations, and Information Assurance

Figure 13.1: Many information warfare areas.
Figure 13.2: The major components of an information environment (IE).
Figure 13.3: An enterprise IE.
Figure 13.4: An extended IE.
Figure 13.5: How to use IW to achieve goals and objectives.

Chapter 15: ISSO Career Development

Figure 15.1: The four parallel lines approach to career development from the beginning including Individual Retirement Account (IRA) funds and Social Security funds (SS).
Figure 15.2: Example of a table to be used to determine current ISSO management strengths and weaknesses, and to identify training needs.
Figure 15.3: Example of a table to be used to determine current ISSO technical strengths and weaknesses, and to identify training needs.
Figure 15.4: What helps make an InfoSec specialist a professional.

Chapter 17: So, Are You Ready to Become an InfoSec Consultant?

Figure 17.1: An example of InfoSec consulting components.

The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
Year: 2002
Pages: 204