This blog is intended for writing about topics of information security risk management, or information technology risk management, as it is customary nowadays to call information security. Lofty themes of security: strategies and tactics, as well as everyday security worldwide.
1.1.1. All the means designed and operated on the physical, computing (sometimes called "logical", as opposed to "physical"), procedural and human planes, to achieve and maintain the confidentiality, integrity and reliability, availability and survivability of information systems, information technology systems and other technologies.
1.2.2. Including all the knowledge required to carry out all At"m / HS activities. You can refer to the knowledge base as the "security doctrine" or the "Bible of security". See details in Section 3 of this article.
1.3.6.2. If there is no such role in the organization (and probably most organizations have no such role, at least not yet), then the document will be written by the Director of Information Security (CISO). The role is dual in this respect:
1. Actually writing the part that falls within his area of operations. What is it? One should examine the job description and then derive the content. In the State of Israel, in many sectors, for example the financial sector, the CISO's responsibility is limited primarily to protecting and preserving the confidentiality component (C) of the triangle (confidentiality, integrity and reliability, availability and survivability: CIA).
1.4.3. Directed toward a particular population group. To clarify what I mean unequivocally, the procedure is not a complete description of an organizational task performed by different organizational units (in the professional jargon this is called: Document Session - Workflow Document) and Procedure.
1.4.4.2. There are organizations with a dedicated organizational unit charged with writing procedures. In that case, the organizational unit that owns the process is responsible for the content of the procedure and transfers it to the unit responsible for writing. The unit responsible for writing carries out the technical task of writing, but the fact remains that the organizational unit that passed it the contents is the owner of the process.
1.6.2. Normally, steering committee members represent the corporate departments responsible for different parts of At"m / HS, for example: Department of Information Technology, Physical Security, Procurement, Human Resources, Legal Office, and other business departments.
1.6.4. The Secretary of the Executive Committee should be the person responsible for At"m / HS activities in the organization. In the absence of such a role in the organization (this is usually the situation), the Manager of Information Security (CISO) shall be appointed to this position.
2.2.1. Human Resources is responsible for managing the employee life cycle in the organization. One issue under its responsibility may be filtering candidates for employment. One of the parameters of the filtering process must be the reliability / credibility of the candidate. Therefore, the Human Resources Department should receive input from the information security administrator, the security officer, or both, on what is required for testing reliability / dependability. Example: a candidate is being hired to work as an information systems administrator (System Administrator) and will control all of the organization's information systems. It is inconceivable to hire such a person without background checks and a variety of different reliability tests. The same applies when we talk about sensitive positions in various corporate departments. An example would be the role of the treasurer or the director of procurement and so on. What about a temporary freeze of access privileges for employees leaving on a long vacation (unpaid leave / maternity leave), and cancellation of access privileges for employees who end their work at the organization? All of these activities originate from the Human Resources Department, the organizational unit responsible for the employee life cycle in the organization. In addition, it is responsible for defining (with the assistance of the business units in the organization) which roles exist in the organization. These roles are the foundation upon which the permissions system is built. What about the disciplinary punishment to be designed, published and applied if an employee violates the At"m / SS policy or does not act according to a procedure / work instruction related to At"m / HS? All the issues mentioned above are the responsibility of the organization's human resources department.
2.2.2. Purchasing handles all procurement carried out in the organization. Some of it may include information technology components, or any purchasing process one of whose possible results is a change in the current level of At"m / HS in the organization. For example, the procurement of new smartphones that will hold corporate information of any kind.
2.2.3. Physical Security is responsible for protecting people, property and information by addressing the physical aspects of security processes. One example might be providing measures to protect laptops when they are transported outside of the organization. Physical security in this example will instruct how to carry the laptop, how to protect it in a private car, on public transport, at the airport, on the aircraft in flight, and so on. To complete the picture in this example, the computing aspects of information security are required to provide guidance on how to protect the data on the laptop against leakage to an unauthorized party (through encryption, for example) or how to protect the laptop against penetration of malicious software (using anti-virus tools, for example).
2.2.4. Business / corporate units are the reason why the organization exists at all. Each such organizational unit is responsible for one or more business processes that the organization would like to perform. Responsibility here means that responsibility for a business process should include all aspects of the process. One of the issues is the management of all risks accompanying
 