
Symbiosis Centre for Information Technology

SIU Course Code: 30241111
Credit Points: 3
Course Designer: Dr. Dhanya Pramod
Revision Date: 2nd Jan 2012

Course Name: Security Management Practices

Scope and Objectives

Information Security Governance Practices
Security management responsibilities
Understand the principles of security management
Security policies
Understand the considerations and criteria for classifying data
Information Security for mergers and acquisitions
Set information security roles and responsibilities throughout your organization
Understanding ROSI
Determine how employment policies and practices are used to enhance information security in your organization
Security-awareness training
Use change control to maintain security
Role of an Information Security Officer
To learn to define Information Assets and the methodology of IAP.
To understand methodical approach to address various threats and vulnerability of the IT Infrastructure.

Prerequisite

LCD Required Yes/No: (Yes)

Prescribed Books

1) Information Security Management Handbook, H. Tipton, M Krause, 6th edn. Auerbach Publications
2) Official (ISC2) Guide to CISSP Exam, S. Hansche, J. Berti, C. Hare
3) Information Asset Profiling by James Stevens, Carnegie Mellon University & Software Engineering Institute material.
4) Computer Security by Stallings and Brown
5) Principles and Practices of Information Security (Ch. on Physical security) by Michael Whitman and Herbert Mattord

Reference books/Sites

1) CISSP Study Guide Third Edition By James Michael, Ed Tittel, Mike Chapple
2) The CISSP Prep Guide, 2nd Edn, R. Krutz and R D Vines

MBA ITBM 2013-15 (Ele-ISM)



Additional Readings:

1) Zen and the Art of Information Security, Ira Winkler, Syngress Publishing
2) CISO Leadership Essential Principles for Success, Todd Fitzgerald, M Krause, Auerbach Publications
3) Unauthorised Access Physical Penetration Testing By Wil Allsopp and Kevin Mitnick

Topics

Details
Corporate Governance Security Governance Defined Need for IS Governance Organisational Dynamics Pitfalls in IS Governance Roles and Responsibilities Separation of Duties and Principle of Least Privilege Job Rotation Top Management Security issues Necessary but Insufficient Condition : Support Why Communication Fails Critical Success Factors Establish Classifications Minimum controls Classify Information and Applications Background and Necessity of IS Threats and Consequences Pre-Merger/Pre-Acquisition Strategy Day of Merger/Acquisition Actions Post-Merger/Acquisition Phase Overview of Corporate IT Security Organisation Building an Effective and Winning Security Team Maintaining Information Security when downsizing Definition and examples of each

Information Security Governance (2 sessions)

Assignments/ Presentations/ Case Studies

Top Management Support (1 session)
Data Classification (1 session)
Information Security for Mergers and Acquisitions (1 session)
Security Management Planning (1 session)
Policies, Standards, Guidelines, Procedures, Baseline (1 session)
Employment policies and practices (1 session)
Security ROI (2 sessions)
Security Awareness

Hiring and Termination practices, Security management of employees Understanding ROI Calculating ROSI Arguments against ROSI Training and Education, Auditing the


(2 sessions) Change Control Management (1 sessions) Information Security Officer (1 sessions) Introduction (2 Session) Define an Information Asset (2 Session) Identify the Asset Owner (1 Session) security infrastructure Types of changes, Change procedures

Qualifications Role and Responsibilities Reporting Model Information Asset Profiling Objectives Information & Data Asset Characteristics Information Assets and how they are different Identifying in information asset in the Information Study of an Annual Report Cycle. and identify typical assets Background Information and examples of information Boundaries & Containers assets Owners & Custodians Multiple Assets & Owners Group Assignment on defining an information asset.

Identify Containers Category of Containers: Systems & Applications; Assignments on white hardware; people, other containers papers on Security (1 Session) Categorization, Mapping, Valuation etc. Confidentiality, integrity & availability Identify Security Managing information security vulnerabilities vs. managing risk to information assets requirements Risk Identification (1 Session) Determine the IAP Process Methodology used by US Information Asset Federal Govt. Valuation (2 Session) Physical security Introduction (1 Session) Significance of Physical security in Infrastructure management . What constitutes an IT Infrastructure Identification and description of Infrastructure elements in a Data Centre Typical layout of a modern Data Centre, Design Issues, basic components , Process for IT System operations, Service Management Process, Types of Threats Likely Vulnerable spots:

Physical layout (1 Session) Identification of the threats and vulnerability of an IT Infrastructure (1 Session) Effect of Physical threats on

Service delivery process




(1 Session) Design and Implementation: (1 Session) Storage management,

Security Management (1 Session)

Security Policy Framework: Overview and Mission Statement Physical Security Plan for IT infrastructure in relation to the Risk analysis and vulnerable spots Security Design for the entire Infrastructure Implementation-identifying the security devices for prevention and identification Integrating Physical IT Security and Cyber Security Planning Physical Security and BCP and DR

Physical Security Controls, Logical Security Controls, Infrastructure & Data Integrity, Policies and Procedures for Staff: Secure Backups, Equipment Certification, Audit Trails Various devices for detection and control

Security Devices (1 Session)

Evaluation Policy

Internal Evaluation: 90 Marks
External Evaluation: 60 Marks
