INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.


1 INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance

2 INFORMATION SECURITY GOVERNANCE (ISG)
Should be a part of the internal controls and policies that constitute corporate governance
–To accomplish the goal of making information security an integral part of core business operations
–To secure the information assets

3 MAJOR ELEMENTS OF THE ISG FRAMEWORK
Organizational Responsibilities and Authority
–Describes the ISG responsibilities and functions of each member of an organization, including the Board of Directors/Trustees, Senior Executive, Executive Team Members, Senior Managers and all employees.
–Each has a significant role to play in ISG.

4 MAJOR ELEMENTS OF THE ISG FRAMEWORK
Information Security Program Components
–Describe the essential components of an information security program with detailed guidance specified in the security practices of ISO/IEC 17799. This includes assessment, policies and procedures, training, testing, remediation of risks, detection and response to incidents and business continuity planning.

5 MAJOR ELEMENTS OF THE ISG FRAMEWORK
Reporting and Independent Evaluation Recommendations
–Describe the contents, frequency and audience for reporting to satisfy governance oversight requirements.
–Each independent organizational unit should assess, remediate, and report on its information security program.

6 MAJOR ELEMENTS OF THE ISG FRAMEWORK
Reporting and Independent Evaluation Recommendations
–Annually, an independent information security program evaluation should be completed based on generally accepted auditing standards; the results should be reported to the Board of Directors/Trustees.

7 Benefits of Implementing the ISG Framework
Facilitates compliance with applicable legislative, regulatory and contractual requirements.

8 Benefits of Implementing the ISG Framework
Additional tangible business benefits:
–Improved internal processes and controls
  Authentication, authorization and auditability of the people, devices and applications on the network improve the efficiency and effectiveness of business processes.
–Potential to reduce cost of audit and insurance
  Through better governance and the ability to demonstrate an auditable, complete ISG program.

9 Benefits of Implementing the ISG Framework
Additional tangible business benefits:
–Market differentiation through a continuous improvement process
  This is a method for improving productivity and customer loyalty. Ultimately, quality becomes a market differentiator. In the course of time, an ISG program may also provide results to help determine a market leader.

10 Benefits of Implementing the ISG Framework
Additional tangible business benefits:
–Self-governance as a better alternative to regulation
  Implementation of an industry-led solution based on open standards and best practices would help mitigate the requirement for new governmental regulation. Should new legislation emerge, organizations that have invested in an ISG program are likely to benefit.

11 CYBER SECURITY GOVERNMENT REGULATIONS REGULATIONS BY CIOs & IT DEPARTMENTS COMPUTER FORENSICS – Application of Computer investigation and analysis techniques

