Post on 06-Feb-2015
WIKIPEDIA
Governance makes decisions that define expectations, grant power, or verify performance.
It consists either of a separate process or of a specific part of management or
leadership processes.
Security Governance as a model for the management of corporate information
Security Risk Management Australasia 2007
Drivers: SOX, Basel II, national legislation, IT accountability, risk mitigation
Derivatives: IT management framework, provisioning framework, information security framework
Direction: unified management systems standards PAS99 & other initiatives
IT governance
Advantages of a governance framework?
No reinvention required
Excellent signposting tool
Encapsulates best practices
Knowledge sharing
Auditable
Management cycle from 4 different governance frameworks
Governance frameworks
The impact of governance on information
The impact of internal & external influences on information
[Diagram: Corporate Information Asset. Labels: available, unavailable, conditions, intracorporation impact, extracorporation impact, organisational boundary]
[Diagram: Patient Personal Info. Labels: available, unavailable, organisational boundary, patient care, classification issues, information leak, access control issues, billing, personal injury, identity theft, brand confidence, fraud exposure]
The impact of internal & external influences on information
Taken from the ISO Guide 72 on justification and drafting of management system standards, http://www.tc176.org/PDF/News_Articles/2002/2002_7.pdf
Some leading frameworks
ISO/IEC 27001
ACSI 33
ISF – Best Practices
ISM3
Legislation
Cybercrime Act 2001
Information Confidentiality
Telecommunications Act 1997
Tax Act 1999
Summary
Governance & the advantages of a framework
We discussed the various IT governance frameworks and the commonalities between frameworks
We then looked at information security and the different types of information security governance frameworks available and the impact standards and legislation had on corporate information
Questions?