Implementing Information Technology


35 Terms

1

implementation phase

The ? of information security involves putting plans into action to protect an organization’s information assets.

2

Project Plan

To successfully implement information security, organizations must create a comprehensive __________ that outlines the required security controls and how to implement them.

3

The project plan should address:

  • procedures
  • people
  • hardware
  • software
  • data

4

Key steps in a project plan include:

  • Identifying Objectives
  • Resource Allocation
  • Task Breakdown
  • Scheduling
  • Risk Management

5

Identifying Objectives

Clearly define the goals of the security project.

6

Resource Allocation

Determine the resources (human, technical, and financial) needed.

7

Task Breakdown

Divide the project into smaller, manageable tasks.

8

Scheduling

Set timelines for each task to ensure timely implementation.

9

Risk Management

Identify potential risks and prepare mitigation strategies.

10

Project Planning Considerations

Organizations must address various considerations when developing a project plan, including scope, time, cost, and quality. It’s essential to ensure that the security project aligns with business goals and does not hinder operations.

11

Scope Considerations

Scope defines the boundaries of the security project. A well-defined scope helps avoid scope creep, which can derail the project by introducing unforeseen tasks.

12

Project managers must:

  • Set clear deliverables.
  • Identify dependencies and constraints.
  • Engage stakeholders to clarify expectations.

13

A dedicated project manager plays a crucial role in:

  • Overseeing project execution.
  • Coordinating between teams.
  • Managing resources and timelines.
  • Resolving issues as they arise.

14

Project management

ensures that the information security project remains on track and achieves its objectives.

15

Conversion Strategies

Organizations can use different strategies to implement security systems:

  • Phased Implementation
  • Pilot Implementation
  • Parallel Operations

16

Phased Implementation

Roll out the new system gradually across departments.

17

Pilot Implementation

Test the system in a single department before a full rollout.

18

Parallel Operations

Run the new system alongside the old one to ensure stability.

19

20

Bull’s-Eye Model

The ?? prioritizes security efforts by focusing on four layers

21

Bull’s-Eye Model layers:

  • Policies
  • Networks
  • Systems
  • Applications

22

Policies

Establishing rules and guidelines.

23

Networks

Securing communication channels.

24

Systems

Protecting individual devices and servers.

25

Applications

Safeguarding software used by the organization.

26

Outsourcing

Organizations must decide whether to handle security internally or outsource it to third-party providers. ?? can bring expertise but also risks, such as loss of control over sensitive data.

27

Technology governance

?? ensures that the organization’s technology use aligns with business goals. Change control processes help manage modifications to systems, ensuring that changes do not introduce vulnerabilities.

28

Non-Technical Aspects of Implementation

  • Communicate: Clearly explain the benefits of the changes.
  • Involve: Engage employees in the implementation process.
  • Train: Provide training to ensure employees understand new policies and technologies.

29

Organizations must address the human factor in information security. This includes:

  • Establishing a security-aware culture.
  • Ensuring compliance with new policies.
  • Managing resistance to change.

30

Certification

The process of evaluating a system’s security controls to ensure they meet predefined standards.

31

Accreditation

The formal approval for the system to operate, granted by a senior official.

32

National Institute of Standards and Technology (NIST)

The ??? provides a framework for applying the Risk Management Framework (RMF) to federal information systems.

33

The Risk Management Framework (RMF) includes six steps:

1. Categorize the information system.
2. Select security controls.
3. Implement security controls.
4. Assess security controls.
5. Authorize information system operation.
6. Monitor security controls continuously.

34

NSTISSI-1000: National Information Assurance Certification and Accreditation Process (NIACAP)

outlines the processes required to certify and accredit information systems within the U.S. Department of Defense (DoD).

35

ISO 27001/27002 Systems Certification and Accreditation

are international standards for managing information security. The certification process includes:

1. Developing and implementing an Information Security Management System (ISMS).
2. Undergoing audits by accredited certification bodies.
3. Maintaining the certification through regular surveillance audits.