Summary of all lectures of Information Security Management, part of Decision and Risk Analysis. I used the lecture slides and added my notes to clarify these slides and to provide more detail on the various concepts and guidelines mentioned in the slides.
INFORMATION SECURITY MANAGEMENT
Decision and Risk Analysis
Lecture notes and slides
Lecture 1
Introduction
Packet switching
Describe the internet with one word: Packet switching.
Packet switching was the basic idea behind ARPANET.
If you ‘send’ something, it is divided into packets and these packets are
sent away.
Nowadays there’s just one kind of packet. There are some more, but they
are not common.
ARPANET
ARPANET was a project financed by the DoD (Department of Defense).
The DoD was the largest investor in defense projects since WW II.
Bell Labs
Bell Labs belonged to one of the big telephone companies in the
United States. Its labs were very good at discovering new things in
communication and computing. Linux comes from them.
PARC
PARC was a research centre, owned by Xerox. They invented the mouse
and the graphical interface. At first they didn’t do anything with it.
IPv4 Internet protocol
Example: 137.056.xxx.xxx is TilburgUniversity.edu
Five or six years ago, we didn’t have any addresses left. Thus, almost ten
years ago they came up with IPv6. This means 32 digits instead of 12.
Zeros are omitted, but they might add them.
Internet of things:
A lot of other things than computers are connected to the internet. Almost
everybody has three communication devices, so you already need three
addresses. Everything will be connected to the internet. You might be able
to command and manage them from a distance. Companies will do that
with their plants and machinery.
Information security
Cybercrime: when people/groups of people use the internet to get to your
data; thieves.
Why do we need information security?
national security
privacy
all private and company owned data has to be protected
We need IS to have reliable data in our society.
If data is not reliable, managers will make wrong decisions because of
wrong data.
Difference between information systems and information technology
Information technology is mainly hardware, software, infrastructure etc.
There’s one element that has to be added before we talk about
information systems: people/organizations. So: hardware, software and
people/organization.
Difference between IT security and IS security
People are the weakest part of all the security. People will not always
exactly do what you tell them to; computers/devices will.
Lecture 2
Information security management
How to create a successful ISM program?
Have a good understanding of what the business is about. The program
has to fit the company.
Investment analysis. Develop some kind of business case to justify
the money spent on information security.
Find out what the specifics of the regulations are for our company.
Identify the regulatory and legal requirements.
Look for somebody who will agree with the idea. Obtain commitment
of senior management. You need somebody at the top level from
whom you can obtain authority. They have to permit this program.
Start finding a structure, including reporting mechanisms, and try to
‘roll out’ a program on information security.
You have to make some structure and define the roles, tasks and
responsibilities throughout the organization, on different levels.
Are there organizations that don’t necessarily have to follow all the steps?
Some organizations have more legal possession to do something. Also,
some organizations already have some security management in place;
they are aware that they have to be careful with some information. Two
obvious ones are hospitals (privacy related data; dangerous operations)
and the petrochemical industry (production process can’t explode).
Corporate governance
Corporate governance means ‘goed bestuur’ (in Dutch) / ‘good
management’. All the important aspects of good organizations are in the
definition of corporate governance.
Main problem of corporate governance
The principal-agent problem. The difference between shareholders and
management.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller annemiekvdb. Stuvia facilitates payment to the seller.