Chapter 45 – Management Responsibilities and Liabilities
Carl Hallberg
Arthur Hutt
M. E. Kabay, PhD, CISSP
Chapter Contents:
45.1 Introduction
45.2 Responsibilities
45.2.1 Policy Management
45.2.2 Motivation
45.2.3 Supervision
45.2.4 Judgement and Adaptation
45.2.5 Management Failures
45.2.6 Risk Management
45.3 Liabilities
45.3.1 Case Study
45.3.2 Stakeholders
45.3.3 Due Diligence of Care
45.3.4 Downstream Liability
45.3.5 Audits
45.4 Computer Management Functions
45.4.1 Planning for Computer Security
45.4.2 Organizing
45.4.3 Integrating
45.4.4 Controlling
45.5 Security Administration
45.5.1 Staffing the Security Function
45.5.2 Authority and Responsibility
45.5.2.1 Establish Policy Statements And Guidelines For Information Protection
45.5.2.2 Identify Vulnerabilities And Risks
45.5.2.3 Recommend Protective Measures
45.5.2.4 Control The Implementation Of Protective Measures
45.5.2.5 Measure Effectiveness Of Security Precautions
45.5.2.6 Promote Security Awareness And Security Education
45.5.3 Professional Accreditation
45.6 Summary