Monday, May 23, 2011
Guide to Information Technology Security Services
Table of Contents
1. Introduction
1.1 Authority
1.2 Purpose
1.3 Limitations
1.4 Intended Audience
1.5 Document Organization
2. Roles and Responsibilities
2.1 Chief Information Officer
2.2 Contracting Officer
2.3 Contracting Officer’s Technical Representative
2.4 IT Investment Board (or equivalent)
2.5 IT Security Program Manager
2.6 IT System Security Officer
2.7 Program Manager (Owner Of Data)/Acquisition Initiator
2.8 Privacy Officer
2.9 Other Participants
3. IT Security Services
3.1 Overview of IT Security Services
3.2 Overview of IT Security Service Arrangements
3.3 Overview Of IT Security Services Management Tools
3.4 Overview of IT Security Services Issues
3.5 General Considerations for IT Security Services
3.6 Organizational Conflict of Interest
4. IT Security Services Life Cycle
4.1 Phase 1: Initiation
4.2 Phase 2: Assessment
4.2.1 Baseline Existing Environment
4.2.2 Analyze Opportunities and Barriers
4.2.3 Identify Options and Risks
4.3 Phase 3: Solution
4.3.1 Develop the Business Case
4.3.2 Develop the Service Arrangement
4.3.3 Develop the Implementation Plan
4.4 Phase 4: Implementation
4.4.1 Identify Service Provider and Develop Service Agreement
4.4.2 Finalize and Execute the Implementation Plan
4.4.3 Manage Expectations
4.5 Phase 5: Operations
4.5.1 Monitor Service Provider Performance
4.5.2 Monitor and Measure Organization Performance
4.5.3 Evaluate and Evolve
4.6 Phase 6: Closeout
4.6.1 Select Appropriate Exit Strategy
4.6.2 Implement Appropriate Exit Strategy
5. Types of Services
5.1 Management Security Services
5.1.1 IT Security Program Development
5.1.2 IT Security Policy
5.1.3 Risk Management
5.1.4 IT Security Architecture
5.1.5 Certification and Accreditation
5.1.6 IT Security Product Evaluation
5.2 Operational Security Services
5.2.1 Contingency Planning
5.2.2 Incident Handling
5.2.3 Testing
5.2.4 Training
5.3 Technical Security Services
5.3.1 Firewalls
5.3.2 Intrusion Detection
5.3.3 Public Key Infrastructure
Appendix A— REFERENCES
Appendix B— ACRONYM LIST
Appendix C— SERVICE AGREEMENT OUTLINE
Appendix D— SAMPLE ACQUISITION LANGUAGE
Appendix E— FREQUENTLY ASKED QUESTIONS