  • 7/28/2019 Governance of Enterprise Security

    1/32

    Governance of Enterprise Security:

    CyLab 2010 Report

    Author: Jody R. Westby

    Adjunct Distinguished Fellow, CyLab

    CEO, Global Cyber Risk LLC

    June 15, 2010

    © 2010 by Carnegie Mellon University & Jody R. Westby

    All rights reserved. No part of the contents hereof may be reproduced in any form without the prior written consent of the copyright owners.

    Carnegie Mellon CyLab

    Carnegie Mellon University

    5000 Forbes Avenue

    Pittsburgh, PA 15213

    (412) 268-5090 / (412) 268-7675 (Fax)

    Dean, College of Engineering & Founder, CyLab: Pradeep K. Khosla, Ph.D.

    Director, CyLab: Virgil Gligor

    Adjunct Distinguished Fellow: Jody R. Westby

    Jody R. Westby, Esq.

    CEO

    Global Cyber Risk LLC

    5125 MacArthur Blvd., NW

    Third Floor

    Washington, DC 20016

    (202) 537-5070 / (202) 537-5073 (Fax)

    Table of Contents

    Abbreviations

    ABA American Bar Association

    ASIS American Society for Industrial Security

    CEO Chief Executive Officer

    CFO Chief Financial Officer

    CIO Chief Information Officer

    CISO Chief Information Security Officer

    CMU Carnegie Mellon University

    CoE Council of Europe

    CPO Chief Privacy Officer

    CRO Chief Risk Officer

    CSO Chief Security Officer

    CyLab Carnegie Mellon CyLab

    D&Os Directors & Officers

    EU European Union

    FDA Food and Drug Administration

    GLBA Gramm-Leach-Bliley Act

    HIPAA Health Insurance Portability and Accountability Act

    ISACA Information Systems Audit and Control Association

    ISO International Organization for Standardization

    ISSA Information Systems Security Association

    IT Information Technology

    ITU International Telecommunication Union

    ITGI Information Technology Governance Institute

    PII Personally Identifiable Information

    PwC PricewaterhouseCoopers

    R&D Research & Development

    SEC Securities and Exchange Commission

    SOD Segregation of Duties

    U.S. United States

    About Carnegie Mellon CyLab

    Carnegie Mellon CyLab is the largest university-based research and education center for computer and network security, information security, and software assurance. CyLab is located in the College of Engineering at Carnegie Mellon University and has U.S. campuses in Silicon Valley and Pittsburgh. Foreign CyLab programs are located in Japan, Greece, and Portugal.

    Recognizing that technology issues today are increasingly impacted by legal/regulatory requirements and operational considerations, CyLab leverages its cross-university involvement with faculty, researchers, and students from Carnegie Mellon's:

    - Information Networking Institute;
    - Department of Electrical and Computer Engineering;
    - Engineering and Public Policy Department;
    - School of Computer Science;
    - Software Engineering Institute;
    - Tepper School of Business;
    - Department of Statistics; and the
    - Heinz School of Public Policy and Management.

    CyLab also brings in first-tier governance, legal, and policy expertise through its Distinguished Fellows. The CyLab research team includes over fifty faculty researchers and over one hundred graduate students.

    CyLab is a bold and visionary effort, which establishes public-private partnerships for the research and development (R&D) of new technologies for sustainable, resilient, and trustworthy computing and communications systems. Through its Governance Surveys, CyLab extends the university's sphere of influence in the governance of enterprise security to boards of directors and senior management.
