Describe the InfoSec management models, selection of InfoSec management models,
Question
Describe the InfoSec management models, selection of InfoSec management models, the fundamental elements of key InfoSec management practices, emerging trends in the certification and accreditation of U.S. federal information technology (IT) systems, key components and implementation strategies of a security performance measurement program.
Security Management Models
InfoSec models are standards that are used for reference or comparison and often serve as the stepping-off point for emulation and adoption. As the Chief Information Officer, you have been tasked to provide a report to senior management concerning the Access Control Models and how the implementation of this model secures the organization's information system from external and insider threats.
Prepare a 350- to 1,050-word paper that fully discusses the topic questions.
Explanation / Answer
(1) InfoSec security performance measurement programs
Information security performance management is the process of designing, implementing and managing the use of collected data elements to determine the effectiveness of the overall security program. Performance measurements are data points or computed trends that may indicate the effectiveness of security.
Organisations use three types of measurement:
(1) Those that determine the effectiveness of the execution of InfoSec policy.
(2) Those that determine the effectiveness and/or efficiency of the delivery of information security services.
(3) Those that assess the impact of an incident or other security event on the organisation or its mission.
Measurements must be useful for tracking performance and directing resources. Once developed, information security performance measurements must be implemented and integrated into ongoing information security management operations. The Capability Maturity Model is one of the models used. Performance management measures include the following steps:
(a) Prepare for data collection: identify, define, develop and select InfoSec measures.
(b) Collect data and analyze results: collect, aggregate and consolidate metric data, and compare measurements with targets.
(c) Identify corrective actions: develop a plan to serve as the roadmap for closing the gap identified in (b).
(d) Develop the business case.
(e) Obtain resources: address the budgeting cycle for acquiring the resources needed to implement the remediation actions identified in (c).
(f) Apply corrective actions.
(2) Access control model implementations in organisations are:
(a) Information flow model. Example: (1) the Bell-LaPadula confidentiality model.
It is a state machine model that helps to ensure the confidentiality of an information system, using mandatory access controls (MACs), data classification and security clearance.
Implementing this model helps security prevent information from being moved from a level of higher security to a level of lower security. The access model can be one of two types:
- Simple security: prohibits a subject of lower clearance from reading an object of higher classification, but allows a subject with a higher clearance level to read an object at a lower level.
- The * (star) property: this property (the write property) prohibits a high-level subject from sending messages to a lower-level object.
(b) Logical access control mechanisms: these mechanisms are used to implement and enforce security policies and are intended to counter internal and external threats. They are passwords, access control lists (ACLs), encryption, secure gateways and firewalls.
Implementing these protects organisations from both internal and external threats.
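The two Bell-LaPadula properties described in the answer, written as a small reference monitor. This is an added example, not part of the original answer; the level names, subjects, objects and requests are constructed for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed classification ladder; a higher value is more sensitive.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2

def can_read(clearance, classification):
    """Simple security property: a subject may not read up."""
    return clearance >= classification

def can_write(clearance, classification):
    """*-property: a subject may not write down (writing up is permitted)."""
    return clearance <= classification

def decide(subjects, objects, requests):
    """Return (subject, op, object, decision) for every access request."""
    results = []
    for subj, op, obj in requests:
        s, o = subjects[subj], objects[obj]
        if op == "read":
            ok = can_read(s, o)
        elif op == "write":
            ok = can_write(s, o)
        else:
            ok = False  # unknown operations fail closed
        results.append((subj, op, obj, "ALLOW" if ok else "DENY"))
    return results

def downward_flows(subjects, objects):
    """Find (src, dst, subject) where one subject could copy src into a lower dst."""
    return [(src, dst, subj)
            for subj in subjects for src in objects for dst in objects
            if objects[dst] < objects[src]
            and can_read(subjects[subj], objects[src])
            and can_write(subjects[subj], objects[dst])]

# Constructed sample data.
SUBJECTS = {"analyst": Level.SECRET, "contractor": Level.CONFIDENTIAL}
OBJECTS = {"press_release": Level.UNCLASSIFIED, "hr_file": Level.CONFIDENTIAL,
           "merger_plan": Level.SECRET}
REQUESTS = [("analyst", "read", "press_release"), ("analyst", "write", "press_release"),
            ("contractor", "read", "merger_plan"), ("contractor", "write", "merger_plan"),
            ("contractor", "delete", "hr_file")]

if __name__ == "__main__":
    for row in decide(SUBJECTS, OBJECTS, REQUESTS):
        print(row)
    print("downward flows:", downward_flows(SUBJECTS, OBJECTS))
```

`downward_flows` returns an empty list for any assignment of levels, which is the confidentiality guarantee the model exists to provide: no single subject can both read an object and write to a lower one.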