
Kudler Security Report

Kudler Fine Foods IT Security Report and Presentation Security Considerations

CMGT/400

According to Whitman and Mattord (2010), the ISO 27000 series is one of the most widely referenced security models. Referencing ISO/IEC 27002 (17799:2005), the major process steps include: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development, and maintenance, information security incident management, business continuity management, and compliance (Chapter 10, Security Management Models).

1. Risk assessment and treatment
2. Security policy: Focuses mainly on information security policy
3. Organization of information security: For both the internal organization and external parties
4. Asset management: Includes responsibility for assets and information classification
5. Human resources security: Ranges from controls prior to employment and during employment to termination or change of employment
6. Physical and environmental security: Includes secure areas and equipment security
7. Communications and operations management: Incorporates operational procedures and responsibilities, third-party service delivery management, systems planning and acceptance, protection against malicious and mobile code, backup, network security management, media handling, exchange of information, electronic commerce services, and monitoring
8. Access control: Focuses on business requirement for access control, user access management, user responsibilities, network access control, operating system access control, application and information access control, and mobile computing and teleworking
9. Information systems acquisition, development, and maintenance: Includes



References:

Whitman, M., & Mattord, H. (2010). Management of Information Security (3rd ed.). Retrieved from https://ecampus.phoenix.edu/content/eBookLibrary2/content/eReader.aspx?assetMetaId=fabd4b16-12a9-47f4-bf47-bcb1410f0ee1&assetDataId=d660cb13-8789-4280-aae9-4243087d34dc&assetpdfdataid=d910f4d6-8741-440e-abc7-b24644f4b198

SANS: SCORE. (2012). Retrieved from http://www.sans.org/score/ISO_17799checklist2.php
