Overview
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Robert LONGEON: Information Systems Security Officer - CNRS General Management
INTRODUCTION
The organization of ISS can be viewed from a number of different angles. For example, it can be seen in terms of essential principles, the most important of which is undoubtedly to never forget that security is first and foremost the responsibility of those involved in the system. But it's not enough to set out the principles; we also need to specify the organizational consequences to be drawn from them. This is done in the first paragraph for the most important of them.
In the second paragraph, we look at ISS from the angle of the link between technology and organization, since technical resources, like security, are not an end in themselves, but serve objectives within the framework of a company or an administration, which have their own strengths and weaknesses. The third paragraph reviews a number of structures and procedures which, while not models for all, provide a better understanding of how to implement a safety organization. Finally, the fourth paragraph explains why a security policy cannot be designed, implemented or managed without a methodological approach, why a security organization cannot be set up without starting with a risk analysis, and how international standards dealing with security organization, administration and auditing are an integral part of this approach. We conclude this section by describing the content of a dashboard and its role in steering a safety policy, which would otherwise remain static.
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Organization of the company's SSI
References
- (1) - Sécurité informatique : manager et assurer. - AFNOR normes, fév. 2002. http://www.afnor.fr
- (2) - CLUSIF, MEHARI - août 2000. http://www.clusif.asso.fr ...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference