Information Security Management (Security Analyst - I)

Unit 1: Information Security Management & Overview

With the pervasive growth and use of digital information, much of which is confidential, there has also been growth in incidents of information theft, including cyber-attacks by hackers. This has happened both in governments and in private companies, and it has created the need for the position of information security analyst. Those who work as information security analysts are responsible for keeping information safe from data breaches using a variety of tools and techniques. Information security analysts protect information stored on computer networks, in applications, etc. They do this with special software that allows them to keep track of who can access and who has accessed data. The core function of this occupation is to ensure the confidentiality, integrity and availability of data to the ‘right’ users within/outside of the organization. Analysts conduct assessments for security threats and vulnerabilities, determine deviations from acceptable pre-defined configurations, enterprise or local policy, assess the level of risk, and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations.

In this unit we learn Information Security Overview, Threats and Attack Vectors, Types of Attacks, Common Vulnerabilities and Exposures (CVE), Network Security Attacks, Fundamentals of Information Security, Computer Security Concerns, Information Security Measures, etc.


Unit 2: Fundamentals of Information Security

Fundamentals of Information Security mainly consists of components such as Key Elements of Networks, Logical Elements of Network, Critical Information Characteristics and Information States, and mainly discusses Network Security. Network security refers to any activity designed to protect your network. Specifically, these activities protect the usability, reliability, integrity and safety of your network and data. Effective network security targets a variety of threats and stops them from entering or spreading on your network. In fact, no single solution protects you from a variety of threats. You need multiple layers of security. If one fails, others still stand. Network security is accomplished through hardware and software. The software must be constantly updated and managed to protect you from emerging threats. A network security system usually consists of many components. Ideally, all components work together, which minimizes maintenance and improves security.


Unit 3: Data Leakage

In this unit, we learn an important concept, “Data Leakage”. Data leakage is defined as the accidental or unintentional distribution of private or sensitive data to an unauthorized entity. Sensitive data in companies and organizations includes intellectual property (IP), financial information, patient information, personal credit card data, and other information depending on the business and the industry. Data leakage poses a serious issue for companies as the number of incidents and the cost to those experiencing them continue to increase. In this unit we learn what Data Leakage is, along with statistics, and about topics like Data Leakage Threats, Reducing the Risk of Data Loss, Key Performance Indicators (KPI), Database Security, etc.

In this unit we learn Information Security Policies (necessity, key elements and characteristics), Security Policy Implementation, Configuration, Security Standards, Guidelines and Frameworks, etc.


Unit 4: Information Security Policies, Procedures and Audits

In this unit, Information Security Policies, Procedures and Audits, we learn about Information Security Policies, Necessity, Key Elements, Characteristics, Security Policy Implementation, Configuration, Security Standards, Security Guidelines & Frameworks, etc. “A security policy is a document or set of documents that describes, at a high level, the security controls that will be implemented by the company.” Policies are not technology specific and do three things for an organization. Organizations are giving more priority to the development of information security policies; protecting their assets is one of the prominent things that needs to be considered. Lack of clarity in InfoSec policies can lead to catastrophic damages which cannot be recovered. So an organisation makes different strategies for implementing a security policy successfully. An information security policy provides management direction and support for information security across the organization. There are two types of basic security policies: Technical security policies: these include how technology should be configured and used. These include how people (both end users and management) should behave/respond to security.


Unit 5: Information Security Management – Roles and Responsibilities

This unit describes the Roles & Responsibilities in Information Security Management, Accountability, Roles and Responsibility of Information Security Management, Team responding to emergency situation, and the Risk Analysis Process. With the growing importance and scope of information and data security, numerous organizational structures and configurations have been implemented to get a handle on the complexities associated with managing and protecting data. Information security governance begins at the top with the Board of Directors and CEO enforcing accountability for adherence to standards and commissioning the development of security architectures that address the security requirements of the business as a whole. The auditing function might be its own group (or outsourced to a third party) and might report to the CEO or directly to the Board of Directors to maintain its independence.

The Board of Directors is responsible for protecting the interests of the shareholders of the corporation. This duty of care (fiduciary responsibility) requires that it understand the risk to the business and its data. The Board of Directors is responsible for approving the appropriate resources necessary to safeguard data. It also needs to be kept aware of how the security program is performing.


Text Books & References

Reference Material: (Security Analyst)

TEXT BOOKS:

T1. Information Security Management – A Student’s Hand Book – NASSCOM

T2. Management of Information Security by Michael E. Whitman and Herbert J. Mattord

Downloads:

Facilitator Guide: https://drive.google.com/open?id=0B_ySwMoI8wFWMjEyWVYxS1lQaWM

Student's Hand Book: https://drive.google.com/open?id=0B_ySwMoI8wFWMjBmY21hYm1CUHc
 
REFERENCE BOOKS:

R1. Information Security Management – Facilitator’s Guide

R2. Information Security Management Handbook, Fourth Edition, Volume I – Harold F. Tipton

WEB REFERENCES:

http://www.iso.org/iso/home/standards/management-standards/iso27001.htm

http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf

https://en.wikipedia.org/wiki/Information_security_management_system

http://www.cert.org/historical/governance/references.cfm?

 

* * *