Monday, May 23, 2011

Guide to Information Technology Security Services

Table of Contents

1. Introduction
1.1 Authority
1.2 Purpose
1.3 Limitations
1.4 Intended Audience
1.5 Document Organization

2. Roles and Responsibilities
2.1 Chief Information Officer
2.2 Contracting Officer
2.3 Contracting Officer's Technical Representative
2.4 IT Investment Board (or equivalent)
2.5 IT Security Program Manager
2.6 IT System Security Officer
2.7 Program Manager (Owner of Data)/Acquisition Initiator
2.8 Privacy Officer
2.9 Other Participants

3. IT Security Services
3.1 Overview of IT Security Services
3.2 Overview of IT Security Service Arrangements
3.3 Overview of IT Security Services Management Tools
3.4 Overview of IT Security Services Issues
3.5 General Considerations for IT Security Services
3.6 Organizational Conflict of Interest

4. IT Security Services Life Cycle
4.1 Phase 1: Initiation
4.2 Phase 2: Assessment
4.2.1 Baseline Existing Environment
4.2.2 Analyze Opportunities and Barriers
4.2.3 Identify Options and Risks
4.3 Phase 3: Solution
4.3.1 Develop the Business Case
4.3.2 Develop the Service Arrangement
4.3.3 Develop the Implementation Plan
4.4 Phase 4: Implementation
4.4.1 Identify Service Provider and Develop Service Agreement
4.4.2 Finalize and Execute the Implementation Plan
4.4.3 Manage Expectations
4.5 Phase 5: Operations
4.5.1 Monitor Service Provider Performance
4.5.2 Monitor and Measure Organization Performance
4.5.3 Evaluate and Evolve
4.6 Phase 6: Closeout
4.6.1 Select Appropriate Exit Strategy
4.6.2 Implement Appropriate Exit Strategy

5. Types of Services
5.1 Management Security Services
5.1.1 IT Security Program Development
5.1.2 IT Security Policy
5.1.3 Risk Management
5.1.4 IT Security Architecture
5.1.5 Certification and Accreditation
5.1.6 IT Security Product Evaluation
5.2 Operational Security Services
5.2.1 Contingency Planning
5.2.2 Incident Handling
5.2.3 Testing
5.2.4 Training
5.3 Technical Security Services
5.3.1 Firewalls
5.3.2 Intrusion Detection
5.3.3 Public Key Infrastructure

Appendix A: References
Appendix B: Acronym List
Appendix C: Service Agreement Outline
Appendix D: Sample Acquisition Language
Appendix E: Frequently Asked Questions

