Date posted: 08-Jan-2017 | Category: Technology | Uploaded by: alanoudsalqoufi
Security Governance (IS 536), Second semester (Oct 5)
Name: Alanoud Saad Alqoufi    ID: 435920068
Outline
• CH3: Legal and Regulatory Requirements
  • PCI and Basel
  • Regulations
  • Regulation Elements
  • Regulatory Compliance Level
• CH4: Roles and Responsibilities
  • Why Roles and Responsibilities?
  • Management Levels
  • The Board of Directors
  • Executive Management
  • Security Steering Committee
  • The CISO
CH3
Legal and Regulatory Requirements
Payment Card Data Issues
PCI
• Stands for Payment Card Industry
• Established the PCI DSS (Payment Card Industry Data Security Standard)
• The standard is maintained by the PCI SSC (PCI Security Standards Council)
• Its purpose is to ensure the security of cardholder data
PCI DSS
BASEL II
• Refers to the Basel Accords on banking supervision
• Issued by the BCBS (Basel Committee on Banking Supervision)
• Requires banks to hold enough capital to cover their risks (credit, market and operational risk)
Regulations
• NFPA (National Fire Protection Association codes)
• OSHA (Occupational Safety and Health Administration)
• HIPAA (Health Insurance Portability and Accountability Act)
• COSO (Committee of Sponsoring Organizations internal control framework)
• CoCo (Criteria of Control, Canada)
• USA PATRIOT Act
• FCPA (Foreign Corrupt Practices Act)
• FISMA (Federal Information Security Management Act)
• Basel II
• SOX (Sarbanes-Oxley Act)
• Cadbury Report (UK)
• King Report (South Africa)
• FFIEC (Federal Financial Institutions Examination Council)
• …
Regulation Elements
• Transparency
• Oversight
• Disclosure
• Record Retention
• Training
• Operational Risk
• Attestation
• Privacy
Regulatory Compliance Level
• Less than 50% of US Organizations are in compliance
CH4
Roles and Responsibilities
Why Roles and Responsibilities?
• Adequate protection against the possibility of fraud
• Creating a clear culture of accountability
• Identifying risks
Management Levels
Board of directors
Senior executives
Chief information security officer
Steering Committee
The Board Of Directors
• Setting strategic direction
• Identifying security leaders
• Assigning information security to a key committee
• Ensuring that risks, resources and performance are managed appropriately
Why are directors important?
• “The rising tide of cybercrime and threats to critical information assets mandate that boards of directors and senior executives are fully engaged at the governance level to ensure the security and integrity of those resources.” (Shirley M. Hufstedler, a former director of Hewlett-Packard)
• “Tone at the top” has been identified as a major contributor to organizational failures
Executive Management
• Support for security managers
• Enforce and monitor regulatory compliance
• Oversight of all management process plans
Security Steering Committee
• Identify and prioritise risks
• Assure security initiatives meet business objectives
• Review security strategy efforts
CISO
• Develop security strategy and plan
• Perform security risk assessments
• Implement security policies and procedures
Information Security Responsibilities
Reporting
• IT is about Performance, IS is about Safety
• 35% of CISOs report to the CIO, which places security under an executive whose objectives compete with it
• The CIO is measured on greater IT performance at lower cost, so security is the goal that gives way
• IT vs IS; CIO vs CISO
Thank you for your attention