The World is Changing and so is Information Assurance Management. Bucharest, Romania, October 2006.

Presentation transcript:

Title slide: The World is Changing and so is Information Assurance Management. Bucharest, Romania, October 2006. This document is confidential and is intended solely for the use and information of the client to whom it is addressed.

1 What is Information Assurance (IA)? (Security 101)

IA is fundamentally about ensuring the Confidentiality, Integrity and Availability of assets (e.g., information systems, infrastructure, and data). Specifically:
- Information Assurance (IA) is a subset of Information Operations (IO). IA comprises the actions that protect and defend information assets and information systems/infrastructures by ensuring availability, integrity, authentication, confidentiality, and non-repudiation.
- This includes resilience: providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
- Source: U.S. Dept. of Defense, Joint Staff, Joint Publication 3-13, Information Operations.

The Security Life Cycle applies to systems from program initiation through disposal, as well as to the enterprise management activities of policy, strategy, program development, training, and risk management. Life-cycle activities shown on the slide:
- Risk Assessment
- Security Requirements
- Security Budgeting
- Information Sensitivity Assessment
- Media Sanitization
- Back-ups
- Awareness and Training
- Access Control
- Plan Updates
- Audit & Monitor
- Key Management
- Security Features Enabled
- Test and Evaluation
- Installation
- Certification & Accreditation

Ongoing Support Services:
- Technology Research
- Product Evaluations
- Automation Support
- Training
- IA Standards Support
- DISA SRR/STIG
- Quality Assurance
- Configuration Management
- Risk Management

Guiding Processes and Technology:
- Defense in Depth
- GIG / NCES
- CDS
- NSTISSP #11
- Common Criteria
- IATF / DoDAF / ISO / COSO / CobiT
- DCID 6/3, DITSCAP / NIACAP
- FISMA / HSPD-12 / NIST / HIPAA / SOX
- Infrastructure / PKI / PKE

2 Organizations are living in an evolving world full of diverse pressures (Macro Trends: Technology, Globalization, Human Capital)

Drivers:
- Technology: technology enables business to deliver a greater variety and quality of services; existing technology improves; new technology offers new business capabilities.
- Globalization: enterprises conduct business in different economic systems, jurisdictions, and legal systems; employees are separated by distance and time; operations have to adjust to local infrastructures.
- Human Capital: Western countries are experiencing an engineering skills shortage; other countries can provide qualified staff in a more cost-effective manner.

Implications:
- Changing technology introduces new vulnerabilities; new technology introduces new classes of vulnerabilities.
- A multicultural workforce thinks and communicates differently.
- Diverse cultural assumptions and loyalties increase the complexity of managing a global enterprise.

How do these apply to your situation?

(Framework diagram on the slide: Macro Trends - Technology, Globalization, Human Capital; Governance Trends - Regulations, Standards, Frameworks; Industry Trends - Convergence, Outsourcing; Business Environment; Information Assets.)

3 Governments and industry responded to these business drivers with regulation and a proliferation of standards and frameworks (Governance Trends: Regulations, Standards, Frameworks)

Drivers (regulatory compliance, frameworks, and standards):
- Basel II
- Sarbanes-Oxley Act
- Health Insurance Portability and Accountability Act (HIPAA)
- OECD Guidelines
- Energy Policy Act of 2005
- ISO/IEC information security standards series
- NIST FISMA Standards and Guidance
- ISO/IEC 21827, Systems Security Engineering Capability Maturity Model (SSE-CMM)
- Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework
- Control Objectives for Information and related Technology (CobiT®)
- IT Infrastructure Library (ITIL)
- Capability Maturity Model Integration (CMMI®)
- Project Management Body of Knowledge (PMBOK®)

Implications:
- Risk of non-compliance, including penalties, legal action, and loss of customer confidence.
- Increased cost of compliance, and increased cost of complying with multiple standards and frameworks at once.
- Potential inconsistencies among implementations by different organizational components.
- Confusion regarding applicability to individual environments.
- On the positive side, common frameworks provide consistency in audit processes, allow comparability between systems within an organization, and allow audit committees to plan and budget for reviews more effectively.

4 Industry is adjusting the way it does business to evolving macro and governance trends (Industry Trends: Outsourcing, Information Assets, Convergence)

Outsourcing
- Drivers: availability of expertise located in other countries; reduced costs of doing business; leverage of experience already gained with other clients; reduced need to keep multiple sets of experts in house.
- Implications: outsourcing reduces focus on controls; performance measurement depends on the quality of the SLA; lack of clarity regarding organizational responsibility; data confidentiality issues with large service providers working for multiple clients; prioritization is driven by the service provider rather than the customer; loss of key corporate knowledge to outsourced staff.

Information Assets
- Drivers: reliance on a variety of data for decision making; increase in the volume of data; reliance on infrastructure, people, and facilities to deliver data; the expanding enterprise; value migration from physical to intangible and information-based assets.
- Implications: increasing complexity of what constitutes an asset; increasing challenge in identifying asset ownership; challenges in prioritizing assets for protection.

Convergence
- Drivers: new protective technologies impact several functional areas; new compliance and regulatory regimes; continuing pressure to reduce cost.
- Implications: shift to an enterprise-based view; need for new risk mitigation approaches.

5 Emerging business trends can no longer be addressed by applying current practices and processes (Industry's Leading Practices)

Operational Resiliency Capabilities (diagram on the slide):
- Enterprise
- People
- Technology Assets and Infrastructure
- Information and Data
- Physical Plant
- Resiliency Relationships
- Service Delivery
- Resiliency Sustainability

6 Evolution of Information Security Functions (Industry's Leading Practices)

Stages of evolution, with the scope, approach, and focus of each:

1. Past (Technology Focus; event-driven approach; scope: technology risks)
- Focus on risks in the technology infrastructure.
- Agenda shaped by technology developments and security incidents.

2. Current (Compliance-Driven; audit-driven approach; scope: technology and information risks)
- Scope broadened to include confidentiality, integrity and information assurance.
- Reactive business alignment, based on audit functions and regulatory compliance.

3. Desired (Risk Management; risk-driven approach; scope: technology and information-related business risks)
- Information and technology risk integrated into the overall risk umbrella.
- Risk-based techniques used to help the business set the agenda and accept residual risk.

Building an enterprise security program on a business-risk-aligned approach will allow your organization to manage risk effectively. Security can only be accomplished with a blend of technical and management solutions.

7 Implications for Romanian Organizations: Opportunities and Implications

Product and Technical Services Vendors
- Enterprises are increasingly willing to rely on outside IA and InfoSec vendors in strategic roles.
- Some enterprises are actively looking for vendors from emerging markets that can provide new skills and mirror the cultural and geographic spread of their companies.
- But they will require that vendors sell and deliver services and products in the context of the risk management frameworks they understand and use.

Government and Enterprises
- Users will require that IA systems and policies make information not only secure but also available and trustworthy when and where needed.
- It is important to segment users by Quality of Service requirements in order to maintain security in all cases while delivering the needed availability at the needed cost.
- The risk management model accepts that not all risks can be eliminated. It is important to assess accurately which risks are acceptable and to develop a communication and recovery strategy to deal with potential and actual breaches.