Sunday, September 15, 2013

Chapter 5 summary

Chapter 5 summary:

This chapter focuses on how an information security program can be structured and organized to address the risks that an organization may face. Every organization should have a security team that assesses its information security functions to verify the security level of the services delivered to the organization's members. Information security functions must be divided into four areas: those performed by non-technical areas, those performed by the IT group, those performed within the information security department as a service to the organization's customers, and those performed within the information security department as a compliance enforcement obligation. The number of information security specialists depends on the size of the organization, from small to large. It is very important to select qualified people for information security work. They need to be fully prepared and to have a strong background in the mission before they start, so that they can deliver the best quality of work to the organization's members and customers. Finally, security warnings can be delivered to people as an email, a flyer, a recorded video describing the current risk, or a newsletter.

In my opinion, this chapter gives tips that help the reader understand how to develop an entire security program, producing a system that can protect all the functions that exist in an organization, whether for a large or a small community.


 

Chapter 6 summary:

This chapter explains various security management models, such as access control models, security architecture models and security management models. It describes each model in detail: what the model provides, what it is used for, the definition of each standard, and what requirements must be met to reach that level. The chapter discusses mandatory access controls (MAC), the Trusted Computer System Evaluation Criteria (TCSEC), Harrison-Ruzzo-Ullman (HRU), Control Objectives for Information and Related Technology (COBIT) and the Information Technology Infrastructure Library (ITIL).

Basically, this chapter is helpful for understanding security management and its standards. It explains the functions of each model and what requirements an organization needs to meet in order to have a powerful security system.
