Question:
I. Discuss the purpose of these four layered model approaches with respect to a project plan process:
• Policies: this is the outer-most layer of the diagram. It also provides the ground rules that systems must use to function correctly. When implementing complex changes, these should be used to provide clarity as to the purpose of the project being executed.
• Networks: recognize the fact that, for a long time, information security was focused strictly on this layer. Now, though, it is more complex because the infrastructure encounters threats from public networks. This layer also focuses on authentication and authorization to connect to an organization’s systems via public networks.
• Systems: gain an understanding that the more complex a system gets, the harder it is to maintain a secure environment for it. Additionally, this layer includes servers and desktops for process control and manufacturing systems.
• Applications: this is the inner-most layer of the model and includes programs that help run an organization so work can be completed. Examples of this include office automation, e-mail programs, and customized software packages.
II. Applying this model provides the knowledge necessary to decide where to focus resources and capabilities in the information security blueprint, which is then applied to the overall project plan.
III. Understand how the following relate to what the model dictates regarding information security practices:
• No additional resources should be spent on controls until a sound and usable IT and information security policy is in place and deployed.
• All resources should be focused on the goal of having strong network controls in place unless the policy needs of an organization need adjustment.
• Implementation should focus primarily on the process, manufacturing systems, and information once policies and network controls are established.
• Provided that assurance is achieved and policies in place are solid, attention can then be diverted to assessing and remediating the security needs of the organization’s applications. Critical applications should, by default, get the most attention.
Step by Step Answer:
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord