Management of Information Security - York University

CSE 4482 Computer Security Management:

Assessment and Forensics

Management of Information Security

Instructor: N. Vlajic, Fall 2013

Required reading: Management of Information Security (MIS), by Whitman & Mattord: Chapter 1, pages 8 - 15; Chapter 4, all pages; Chapter 5, pages 163 - 188

Learning Objectives

Upon completion of this material, you should be able to:

• List the key managerial roles and the main types of managerial positions in an organization.

• Describe the POLC project management model.

• List and describe organizational/structural approaches to information security.

• Explain the difference between security policy, standard and procedure.

• List the different types of security policy that can be found in an organization.

Management: Definitions

• Management: the process of achieving objectives using a given set of resources

• Manager: a person assigned to handle the following roles necessary to achieve the desired objective(s)

informational role: collect, process, use, provide information that can affect the completion of the objective

interpersonal role: coordinate and interact with superiors, subordinates, outside stakeholders and other parties that influence or are influenced by the completion of the task

decisional role: select among alternative approaches and resolve conflicts, dilemmas or challenges

Examples: teacher, student, president, software developer

Management: Definitions (cont.)

Example: 3 managerial role categories


