Effective Security Structure
To survey and administer user activity, you must understand the practices and principles that comprise an effective security infrastructure.
This module will explain the elements of security and discuss how to administer and audit activity.
By the end of this module, you will be able to
- Identify the most important security elements
- Describe security standards in current use
- Identify key authentication techniques
- Understand the need for access control methods
- Describe the three main encryption methods
- Describe the application of encryption to security
- Explain the need for auditing and some auditing basics
The purpose of this module is to take the wide variety of regulations combined with industry best practices and define the essential elements of an effective IT security program. An effective program includes many elements and the task seems impossible as you begin reading the literally thousands of pages of security documentation published by the (NIST) National Institute of Standards and Technology, the Office of Management and Budget (OMB), the National Security Agency (NSA).
This module is not intended to identify every security program element in detail, but should give the reader a good basis on how to implement an effective security program. The five critical elements of a security program are the following:
- Periodically Assess Risk
- Document an entity-wide security program plan
- Establish a security management structure and clearly assign security responsibilities
- Implement effective security-related personnel policies
- Monitor the effectiveness of a security program and make changes as necessary