Dated: 31-10-2024
Ch1: How is Information Security Implemented?
Pillars of Information Security
- People
- Process
- Technology
Leadership Commitment
- "Tone at the top"
- Information security policy and objectives
- Assigning responsibility and authority
- Resource allocation
- Performance reviews
- Ensuring accountability
Information Security Manager or CISO
- Head of the department responsible for implementing the information security program
- Directs planning, implementation, measurement, review and continual improvement of the program.
IT User
- Understand policies
- Conduct security/risk assessment
- Design effective security architecture
- Develop SOPs and checklists
- Implement controls
- Report incidents
- Conduct effective change management
Business User
- Security awareness and training
- Follow information security policy
- Develop and implement secure business processes
- Role-based access control and periodic reviews
- Reporting incidents
Information Security Program
- Assessing security risks and gaps
- Implementing security controls
- Monitoring, measurement, & analysis
- Management reviews and internal audit
- Accreditation/testing
___ is not a pillar of information security.
- Awareness
- Integrity
- Confidentiality
- Availability