Presentation is loading. Please wait.

Presentation is loading. Please wait.

The 10 Deadly Sins of Information Security Management

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "The 10 Deadly Sins of Information Security Management"— Presentation transcript:

1 The 10 Deadly Sins of Information Security Management
Basie von Solms & Rossouw von Solms, Computers & Security (23), , 2004 Presented by Bhavana Reshaboina

2 Introduction The authors talk about 10 essential aspects to be taken into account when implementing/planning for an information security plan

3 Information Security Is A Corporate Governance Responsibility
Laws and legal requirements emphasize the integration of information security with corporate governance Compromised informational assets can lead to financial and legal implications Top management has to be involved in ensuring the protection of sensitive information

4 Information Protection Is Not A Technical Issue Alone
Securing informational assets is a business issue as much as it is a technical one Information protection is an investment Investment decisions are business decisions

5 Information Security Governance Is A Multi-dimensional Discipline
Various dimensions collectively contribute towards a secure environment Some examples are legal, personnel, technical, ethical, organizational etc Single dimension, product or tool results in lopsided solutions All the important dimensions must be should be taken into account

6 Information Security Plan Must Be Based On Identified Risks
Know what assets need protection Know what are the potential threats If security planning is not based on risk analysis, spends time and money on unclear objectives

7 Adopting Best Practices For Information Security Governance
Learn from the success and failure experiences of others The ‘bread & butter’ aspects of information security are the same in most IT environments Challenge is to ‘Do the right thing at the right time’ Use of documented ‘Standards and Guidelines’ should be the starting point

8 A Corporate Information Security Policy Is Absolutely Essential
Security policy is the heart of any security management plan Starting point and reference on which all other security related sub-policies or standards are based on Must be signed by the top executives of the company

9 Information Security Compliance Enforcement, Management Essential
No use of a perfect security policy if it is not enforced to effect Continuous monitoring is needed to ensure proper compliance ‘That which can be measured can be managed’ Technical and non-technical tools must be used to monitor the policy at real time

10 Proper Information Security Governance Structure Is Essential
Governance structure refers to organizational structure, job responsibilities, communication flow etc Structured chaos is good It brings clarity and accountability in the security management plan

11 Information Security Awareness Among Users Is Important
Users unaware of the security policies and potential risks arising due to their activities render the best security planning ineffective User’s should not be made the weakest link Money spent on user awareness is some of the best money spent on information security

12 Empower Managers To Support Information Security
Information security manager cant run a one man show Necessary infrastructure, tools and supporting mechanisms need to be provided

13 Conclusions Creating and implementing a proper information security program is based on the understanding of the essential issues unique to IT security Any plan that addresses these core issues would serve to protect the IT assets suitably

14 Thank You! Questions and comments are welcome

Download ppt "The 10 Deadly Sins of Information Security Management"

Similar presentations

EMS Checklist (ISO model)

EMS Checklist (ISO model)
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.

PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
Environmental Management System (EMS)

Environmental Management System (EMS)
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.

Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
IT Planning.

IT Planning.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Why Managers Must Understand IT Managers play a key role –Frame opportunities and threats so others can understand them –Evaluate and prioritize problems.

Why Managers Must Understand IT Managers play a key role –Frame opportunities and threats so others can understand them –Evaluate and prioritize problems.
© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 8: Developing an Effective Ethics Program.

© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 8: Developing an Effective Ethics Program.
Chapter 10 Managing the Delivery of Information Services.

Chapter 10 Managing the Delivery of Information Services.
Implementing and Auditing Ethics Programs

Implementing and Auditing Ethics Programs
QUALITY, ENVIRONMENTAL AND OCCUPATIONAL HEALTH AND SAFETY POLICY.

QUALITY, ENVIRONMENTAL AND OCCUPATIONAL HEALTH AND SAFETY POLICY.
Control environment and control activities. Day II Session III and IV.

Control environment and control activities. Day II Session III and IV.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing

Similar presentations

Ads by Google