
Information Security Management and Ethics

BY
Pavan. K (09-215)
Ganesh (09-247)
Pradeep (09-231)
SECURITY…
• An information security management system (ISMS) is, as the name
implies, a set of policies concerned with information security
management.
• The key concept of ISMS is for an organization to design, implement
and maintain a coherent suite of processes and systems for effectively
managing information accessibility, thus ensuring the confidentiality,
integrity and availability of information assets and minimizing
information security risks.
• As with all management processes, an ISMS must remain effective
and efficient in the long term, adapting to changes in the internal
organization and external environment.
The "Plan-Do-Check-Act" approach provides continuous improvement.

Plan - This phase is about designing the ISMS, assessing information
security risks and selecting appropriate controls.

Do - This phase involves implementing and operating the controls.

Check - The objective of this phase is to review and evaluate the performance
(efficiency and effectiveness) of the ISMS.

Act - In this phase, changes are made where necessary to bring the
ISMS back to peak performance.
The control areas it includes…
• Security Policy
• Organization of Information Security
• Asset management
• Human Resources Security
• Physical and Environmental Security
• Communications and Operations Management
• Access Control
• Information Systems Acquisition, Development and Maintenance
• Information Security Incident Management
• Business Continuity Management
• Compliance
Benefits…
• By using an ISMS an organization can be sure that they are
measuring and managing their information security
processes in a structured manner and that they can control
and hone their system to meet their business needs.
• It is applicable to both large and small organizations.
• A process-based approach is followed, allowing the
organization the flexibility of operating the processes that
are appropriate to it.
Pitfalls…
• Awareness of employees: Many organizations face the challenge of
ensuring that ALL employees are aware of the applicable policies such
as activating screensavers, firewalls, and virus detection systems, just
to name a few.
• Expertise of employees: The problem exists not only on the expert
level, but also on management and user levels. Technology changes
with an ever increasing speed, which is partially the reason, but there
is also a lack of training on ALL levels. Organizations are just simply
not providing sufficient training to their employees.
• No risk assessment: this could result in spending resources in areas that
are important while ignoring those areas that are MORE important.
• Insufficient resources: organizations are constantly in the process of
allocating resources; the challenge for many organizations is the
proper/correct allocation of resources – many ISMS systems suffer in
this area because management fails to conduct an adequate risk
assessment.
• Inadequate or insufficient asset classification: Many organizations are
lacking a clear, concise classification of information (e.g. public,
internal use only, confidential, secret, top secret). This leads to
inconsistency in the implementation.
Ethics…
• Every Fellow and Member of the Institute (including both Professional
and Affiliate Membership grades) shall employ all his or her
intelligence, skills, power and position to ensure that the contribution
made by the profession to society is both beneficial and respected. In
accordance with this commitment, he or she shall at all times uphold
the following six fundamental principles:
1. Society
2. Organizations
3. Peers
4. Staff
5. Profession
6. Self
Society…
• We will strive to ensure that those professional activities for which we
have responsibility, or over which we have influence, will not be a
cause of avoidable harm to any section of the wider community,
present or future, or to the environment.
• We will use our knowledge, understanding and position to oppose
false claims made by others regarding the capabilities, potential or
safety of any aspect of Information Systems and Information or
Communication Technology.
• We will strive to protect the legitimate privacy and property of
individuals and organizations in wider society, where there is a risk
that these may be compromised by professional activities for which
we are responsible, or over which we have influence.
Organizations…
• We will endeavour to avoid, identify and resolve conflicts of interest.
• We will preserve the legitimate confidentiality of the affairs of our
employers and clients.
• We will ensure, within the extent of our influence, compliance with
relevant and well-founded technical standards and methods.
• We will ensure that we do not cause our employers or clients to breach
applicable legislation or well-founded rules, unless there is a greater
ethical priority of sufficient magnitude.
Peers…
• We will protect the legitimate privacy and property of our colleagues
and peers.
• We will refrain from all conduct that inappropriately undermines our
colleagues or peers.
• We will give an honest opinion regarding the competence and
potential of our colleagues and peers, when it is appropriate to do so.
• We will act in support of colleagues and peers who uphold what is
right above their personal benefit and convenience.
• We will promote teamwork among our colleagues and peers, taking
our fair share of the burdens and no more than our fair share of the
credit.
Staff…
• We will adopt and promote an ethical approach to management.
• We will be fair in our dealings with those we supervise.
• We will be open towards those we supervise, unless constrained by a
greater ethical priority.
• We will promote adherence to relevant and well-founded specialist
codes of conduct.
• We will promote teamwork among those we supervise, taking our fair
share of the burdens and no more than our fair share of the credit.
• We will not require those we supervise to breach applicable legislation
or well-founded rules.
Profession…
• We will act with integrity at all times.
• We will be honest unless constrained by a greater ethical
priority.
• We will strive to abide by this Code of Ethics and thereby
enhance the public image and standing of the profession.
• We will be willing to perform voluntary work on behalf of
the profession, provided that we have the necessary time,
resources and capability for the task.
Self…
• We will maintain our personal integrity.
• We will not allow personal interests to influence the advice
we give on technical and professional matters.
• We will maintain the continuing development of our
technical, professional and ethical understanding and
competence.