IAS1 - LAP2 - 3B

Bottom-Up Approach

Touch-Down Approach

Lack of cooperation between senior managers and relevant directives

High cost of implementation

Slow response to threats

Policies and procedures formulated by executives

Direct involvement of system administrators

Focus on technical aspects only

Investigation Phase

Analysis Phase

Implementation Phase

To ensure the system remains effective and secure

To develop new features

To conduct user training

Identifying protection requirements through risk assessment

Developing user training programs

Creating marketing strategies

To ensure controls continue to be effective

To develop new software

To conduct user feedback sessions

To validate that controls are effectively implemented

To create new security policies

To train staff on security measures

Authorization of an information system to process information

Development of security software

Training of security personnel

To consider potential security impacts due to changes

To develop new features for the system

To conduct user training