Chapter 5
Importance of Information Security Management
The advent of electronic trading, the loss of organizational barriers, and high-profile security exposures such as viruses and denial-of-service attacks, intrusions, unauthorized access, disclosures and theft of credit card numbers over the internet have raised the profile of information and privacy risk and the need for effective information security management.
Security incident handling & response: To minimize damage from security incidents, a formal incident response capability should be established. It should include the following:
- Planning & preparation
- Detection
- Initiation
- Evaluation
The organization and management of incident response capability should be coordinated or centralized with the establishment of key roles and responsibilities. This should include:
- A coordinator who acts as the liaison to business process owners
- A director who oversees the incident response capability
An IS auditor should ensure that there is a formal documented plan which contains response procedures to common security-related incidents such as:
- Virus outbreak
- Web defacement
- Abuse notification
- Unauthorized access alert from audit trails
- Hardware/Software theft
End of Module