Search the Web for the Forum of Incident Response and Security Teams (FIRST). In your own words, what is the forumís mission? The Forum of Incident Response and Security Teams (FIRST) is an international group of IT security teams who work to stay ahead of different types of computer threats. Their mission statement discusses providing its members with technical information, tools guidance and assistance for both government entities and the private sector alike.
Search the Web for two or more sites that discuss the ongoing responsibilities of the security manager. What other components of security management can be adapted for use in the security manager model?
Solstice Enterprise Manager Application Development Guide http://www.dkrz.de/~k202046/em/products/sem/Manuals/dev_guide/network.doc.html#4
HP Open View Performance Insight Courses: Student Pre-course Study Guide http://www.hp.com/education/briefs/u1614s_prestudy.pdf
Raise your organizationís cyber security preparedness, and to propel your people and their potential. Organizations receiving Education Services lower their risks, increase their return on technology investment and best achieve business outcomes.
The ISO network management model addresses management and operation through five topics:
∑ Fault management.
∑ Configuration and name management.
∑ Accounting management.
∑ Performance management.
∑ Security management.
A major component of the network management that can be adapted to the security management model is a firewall that serves dual role to keep external intrusion from entering an organizations internal data for the confidential, integrity and availability.
1. This would fall under the Incident Response portion of the model as the filter removed the questionable attachment prior to it arriving in the inbox of the recipient. This could have been a malicious attachment which could have infected the network as a result of being opened, but instead it was filtered out and not allowed into the network.
2. I would advise SLS to select a security model that is not only effective, but feasible within their company. Having a security model that requires man power that they cannot facilitate, no matter how good it looks on paper, will not help them with their security needs.
Ethical Decision Making:
I think there can be an argument made for boths viewpoints on this matter. On one hand, Charlie isnít the best person to be doing the review as he will not be affected by its outcome, nor will he be privy to what the results will be being he will be leaving the company. With that in mind, handing off this responsibility to whomever will be his replacement may make sense.
However, on the other hand it is part of his current responsibilities and he is being compensated to accomplish them. Putting it off for someone else isnít what he is being asked to do and therefore, I could understand if someone were to say that this move is unethical.