This chapter defined foundational information systems security (ISS) concepts and key terms. You learned about the key tenets of ISS management: confidentiality, integrity, availability, authentication, and nonrepudiation. You also read that ISS and information assurance (IA) are separate but closely related concepts. Associated with both IA and ISS is governance, which ensures that people follow the rules set out in policies, regulations, standards, and procedures. Finally, you read about the importance of quality control and quality assurance.
There are several situations in which security policies should be considered. These include:
You read about where policies fit within an organization to meet operational and governance requirements. These span all seven domains, across the business spectrum. ISS policies matter for several reasons. A primary reason is controlling access to information so that only authorized users can reach it. Another is controlling change to systems. You read about how to express risk in terms of threats and vulnerabilities. Finally, you learned about policy acceptance and enforcement, and the factors that make those processes difficult. Employee support at all levels is required for policy buy-in and enforcement, and enforcement also hinges on clear, effective policy writing.