Professional Documents
Culture Documents
to
Information
Security
TOPIC:
1. Approaches to Information Security
a. The Systems Development Life Cycle
b. The Security Systems Development Life Cycle
c. Security Professionals and Organizations
d. Information Security as an Art and Science
ASSESSMENT METHOD/S:
1. Discussion Questions
2. Multiple Choice Questions
3. Student Project Plan
REFERENCE/S:
Communities of Interest
Each organization develops and maintains its own unique culture and values.
Within each organizational culture, there are communities of interest that
develop and evolve. As defined here, a community of interest is a group of
individuals who are united by similar interests or values within an organization
and who share a common goal of helping the organization to meet its objectives.
While there can be many different communities of interest in an organization,
this book identifies the three that are most common and that have roles and
responsibilities in information security. In theory, each role must complement
the other; in practice, this is often not the case.
Summary
Upper management drives the top-down approach to security
implementation, in contrast with the bottom-up approach or grassroots
effort, whereby individuals choose security implementation strategies.
The traditional systems development life cycle (SDLC) is an approach to
implementing a system in an organization and has been adapted to provide
the outline of a security systems development life cycle (SecSDLC).
The control and use of data in the organization is accomplished by
Data owners—responsible for the security and use of a particular set of
information
Data custodians—responsible for the storage, maintenance, and
protection of the information
Data users—work with the information to perform their daily jobs
supporting the mission of the organization