Information Security IBK3IBV01 College 3 Paul J. Cornelisse.

Presentation transcript:

Organization of Information Security The Internal Information Security Organization

Organization of Information Security To protect their information assets, public and private organizations need to consider how best to manage their information security efforts

Organization of Information Security To ensure comprehensive protection for all the organization's information, the approach should address information security comprehensively, organization-wide

Organization of Information Security An enterprise-wide approach also facilitates management oversight and coordination of information security efforts

Organization of Information Security The design of the information security management framework should ensure it is properly tuned to the operational needs of the organization, which should primarily focus on the management of risks to its information assets

Organization of Information Security The design of the information security function must provide a management framework. The framework permits effective initiation, implementation and control of information security activities within the organization

Organization of Information Security This includes:
- Planning
- Coordination
- management of major information security projects
as well as:
- Monitoring
- Measuring
- Tracking

Organization of Information Security As well as overseeing the implementation of all aspects of the organization's information security program

Organization of Information Security To have the requisite level of authority, the information security function must:
- be led by a member of the organization's management staff
- be positioned in the organizational management structure where the visibility of information security can be ensured

Organization of Information Security Today, leadership of the information security organization resides at the executive level with most large organizations. The position is that of the Chief Information Security Officer (CISO)

Organization of Information Security The process of organizing information security must address factors such as:
- its mission
- its composition
- its placement within the organizational structure
- its authority towards other elements of the organization
- its responsibilities
- the functions it must perform
- its lines of communication and coordination

Organization of Information Security Based on knowledge of the current state of the organization's information security posture, as well as the desired future state, organizations must then perform a gap analysis to identify unmet requirements and a path forward for meeting them

Organization of Information Security The organization should clearly define the boundaries of the information security function to address interfaces with other internal elements that perform security-related functions

Organization of Information Security These may include:
- information technology operations
- the personnel security function
- privacy staff
- the physical security office

Organization of Information Security Relationships should be documented in coordinated:
- operational agreements
- charters
- concepts of operations (CONOPs)
- procedures, etc.

Organization of Information Security Management Support: Management must also recognize its own responsibility for information security by communicating this fact, both in writing and orally

Organization of Information Security It is within management's purview to ensure that the goals for the security of organization information are:
- established through strategic and tactical planning
- maintained, emphasized, and measured

Organization of Information Security Management must act to ensure the organization has a mechanism for creating an information security policy that facilitates goal achievement

Organization of Information Security Management must ensure that the approved information security policy is properly implemented, and consequently must take action to ensure that it has a mechanism for monitoring implementation activities for effectiveness

Organization of Information Security Organizational management must render appropriate direction and support for initiatives relating to its information security program

Organization of Information Security Examples of such initiatives:
- awareness campaign
- rollout of a new security strategy
- introduction of a new security process or solution
Through such efforts, management can promote and foster a culture of security

Organization of Information Security The security of organization information requires a multidisciplinary approach involving all organizational elements and personnel

Organization of Information Security Engage expertise available within the organization, to include:
- the general counsel
- public affairs
- facility security and engineering
- personnel security
- union management
- human resources
- training
- contracting
- finance
- internal audit
- information technology operations
- system development
- capital planning
- insurance
- enterprise architecture
- privacy and records management

Organization of Information Security The objective of cross-organization coordination should be collaboration and cooperation.

Further topics:
- Contact with Authorities
- Contact with Special Interest Groups
- Management Authorization
- Confidentiality Agreements
- External Parties
- Assessment of External Risks

Next week: Cryptology