ITET3 ITS governance

Published in: Technology

  1. Governance
  2. Governance
     • Merriam-Webster link
     • How does upper management handle IT and IT security?
     • ISMS (Information Security Management System)
       • Read this
  3. Plan-do-check-act
  4. Standards
     • NIST 800-53
     • COBIT 4.0 (or the newer 4.1)
     • ITIL (maybe not security specific)
     • ISO 27001 and 27002
       • DS484
  5. NIST 800 series
     • NIST publish their standards. Link to 800
       • 800-30 Risk
       • 800-53 “Recommended Security Controls for Federal Information Systems and Organizations”
     • Strongly tied to FISMA
  6. NIST methodology
     • Risk assessment: integrity, confidentiality and availability
     • Start with a baseline
       • See appendix B+F
       • Security control (maps to ISO standard also)
  7. Homework
     • Compare RFC 2196 with NIST 800-53
       • Topics covered
       • Historical context
       • Intended audience
       • Other?
