Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright Security-Assessment.com 2004 Information Security Management A Process Driven Approach by Peter Benson and Phillip Mawson.

Published byAidan Bussell Modified over 10 years ago

Similar presentations

Presentation on theme: "Copyright Security-Assessment.com 2004 Information Security Management A Process Driven Approach by Peter Benson and Phillip Mawson."— Presentation transcript:

1 Copyright Security-Assessment.com 2004 Information Security Management A Process Driven Approach by Peter Benson and Phillip Mawson

2 Copyright Security-Assessment.com 2004 Overview  Information Security Management (ISM)  Task centred approach to ISM  Pro’s and Con’s  Process centred approach to ISM  Pro’s and Con’s  Process Example  Questions

3 Copyright Security-Assessment.com 2004 Information Security Management Challenges  Security threat growing  Pressure to reduce IT operational spend  Centralisation of infrastructure access technology  Growth of online e-business  Rapidly changing environments

4 Copyright Security-Assessment.com 2004 Information Security Management Process Centred vs task centred Security Management  Task: A unit of work  Process: A complete end to end set of tasks that together create values for a client.  Generally speaking Security Management today is task focused

5 Copyright Security-Assessment.com 2004 Task Centred Approach  Define Policy (password age 30 days)  Audit environment against policy  Identify level of non compliance  Action plan to address non-compliance  Re-audit environment to assess progress

6 Copyright Security-Assessment.com 2004 Task Centred Approach Disadvantages  Lots of tasks  It’s expensive  Often business value is unclear  Susceptible to policy idealism (long live practical security policies)

7 Copyright Security-Assessment.com 2004 Process Centred Approach Existing security processes security process quality system

8 Copyright Security-Assessment.com 2004 Process Centred Approach Advantages  Starting point is current state  Overcomes snapshot limitations  Process focus keeps things practical  Process view is cheaper than policy view  Simplified technology roadmap

9 Copyright Security-Assessment.com 2004 Security Patch Management Process Identify & Assess Manage Monitor Audit

10 Copyright Security-Assessment.com 2004 Identify & Assess

11 Copyright Security-Assessment.com 2004 Manage

12 Copyright Security-Assessment.com 2004 Monitor

13 Copyright Security-Assessment.com 2004 Information Security Management Process Centred Approach – quick tips  Process owners, doers and reviewers  Process abdication is bad  But we don’t have a process for that ???  Measurement is key

14 Copyright Security-Assessment.com 2004 Questions

Download ppt "Copyright Security-Assessment.com 2004 Information Security Management A Process Driven Approach by Peter Benson and Phillip Mawson."

Similar presentations

Outsourced Applications and Hosting Dr Richard M Marshall Technical Director Rapid Mobile Media Ltd www.rapid-mobile.com June 7, 2004.

Outsourced Applications and Hosting Dr Richard M Marshall Technical Director Rapid Mobile Media Ltd June 7, 2004.
Project Management with VIVA PPM Tool (Project Portfolio Management)

Project Management with VIVA PPM Tool (Project Portfolio Management)
The Cost of Open Access? RCS Workshop Conference Aston 23rd July 2010 Bill Hubbard Centre for Research Communications University of Nottingham.

The Cost of Open Access? RCS Workshop Conference Aston 23rd July 2010 Bill Hubbard Centre for Research Communications University of Nottingham.
The benefits of more effective research data management in UK universities Neil Beagrie Charles Beagrie Limited MRD Programme Conference Birmingham March.

The benefits of more effective research data management in UK universities Neil Beagrie Charles Beagrie Limited MRD Programme Conference Birmingham March.
Mid-market server campaign – thru partner presentation: Slide for presenter only: do not show Speaker: Partner Title of Presentation: Giving you the power.

Mid-market server campaign – thru partner presentation: Slide for presenter only: do not show Speaker: Partner Title of Presentation: Giving you the power.
City of Boroondara Mobile Device Management

City of Boroondara Mobile Device Management
PhoenixPro Procurement. technology. contracts. projects.

PhoenixPro Procurement. technology. contracts. projects.
Collaborating By: Mandi Schumacher.

Collaborating By: Mandi Schumacher.
© Copyright 2006 SkyView Partners Inc. All rights reserved. www.skyviewpartners.com 1 Introducing: SkyView Policy Minder for i5/OS and OS/400 “In today’s.

© Copyright 2006 SkyView Partners Inc. All rights reserved. 1 Introducing: SkyView Policy Minder for i5/OS and OS/400 “In today’s.
RISK ASSESSMENT Identify, Assess and Control risks quickly and efficiently with BDC risk reports BDC’s Updated Risk Assessment Reports Copyright © 2010.

RISK ASSESSMENT Identify, Assess and Control risks quickly and efficiently with BDC risk reports BDC’s Updated Risk Assessment Reports Copyright © 2010.
Mobility in Government Consolidation & Wrap-up Lee Naik3 Oct 2013.

Mobility in Government Consolidation & Wrap-up Lee Naik3 Oct 2013.
The RAN ONE Advantage The Challenges of Owning a Business A Partnership to Grow Your Business A RAN ONE Accountant…The Right Choice About the RAN ONE Network.

The RAN ONE Advantage The Challenges of Owning a Business A Partnership to Grow Your Business A RAN ONE Accountant…The Right Choice About the RAN ONE Network.
Crossing Disciplinary and Methodological Boundaries Peter Halfpenny Executive Director National Centre for e-Social Science NCRM Research Methods Festival.

Crossing Disciplinary and Methodological Boundaries Peter Halfpenny Executive Director National Centre for e-Social Science NCRM Research Methods Festival.
© Mailbarrow Spreadsheet Professional Getting Your Spreadsheet Numbers Under Control A 5 minute presentation by Mailbarrow www.mailbarrow.com.

© Mailbarrow Spreadsheet Professional Getting Your Spreadsheet Numbers Under Control A 5 minute presentation by Mailbarrow
Experience World Class Processes!© Adaptive Processes Consulting Juggling the Balls Art of Managing Multiple Standards Implementation LN Mishra Principal.

Experience World Class Processes!© Adaptive Processes Consulting Juggling the Balls Art of Managing Multiple Standards Implementation LN Mishra Principal.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
PCI Compliance Roundtable Update Presented by the PCI Compliance Task Force.

PCI Compliance Roundtable Update Presented by the PCI Compliance Task Force.
ISS IT Assessment Framework

ISS IT Assessment Framework
 Controls that provide security against internal and external threats  2 Types of access controls: › Physical controls › Logical controls.

 Controls that provide security against internal and external threats  2 Types of access controls: › Physical controls › Logical controls.

Similar presentations

Ads by Google