
Security Governance

Date post: 06-Feb-2015
Upload: pparam02
Transcript
Page 1: Security Governance

WIKIPEDIA

Governance makes decisions that define expectations, grant power, or verify performance.

It consists either of a separate process or of a specific part of management or leadership processes.

Security Governance as a model for the management of corporate information

Security Risk Management Australasia 2007

Page 2: Security Governance

IT governance

Drivers: SOX, Basel II, national legislation, IT accountability, risk mitigation

Derivatives: IT management framework, provisioning framework, information security framework

Direction: unified management systems standards PAS99 & other initiatives

Page 3: Security Governance

Advantages of a governance framework?

No reinvention required

Excellent signposting tool

Encapsulates best practices

Knowledge sharing

Auditable

Page 4: Security Governance

Governance frameworks

Management cycle from 4 different governance frameworks

Page 5: Security Governance

The impact of governance on information

Page 6: Security Governance

The impact of internal & external influences on information

[Diagram labels: Corporate Information Asset; available / unavailable; conditions; extra-corporation impact; intra-corporation impact; organisational boundary]

Page 7: Security Governance

The impact of internal & external influences on information

[Diagram labels: Patient Personal Info; unavailable / available; patient care; classification issues; information leak; access control issues; billing; personal injury; organisational boundary; personal injury; identity theft; brand confidence; fraud exposure]

Page 8: Security Governance

Taken from the ISO Guide 72 on justification and drafting of management system standards, http://www.tc176.org/PDF/News_Articles/2002/2002_7.pdf

Page 9: Security Governance

Some leading frameworks

ISO/IEC 27001

ACSI 33

ISF – Best Practices

ISM3

Page 10: Security Governance

Legislation

Cybercrime Act 2001

Information Confidentiality

Telecommunications Act 1997

Tax Act 1999

Page 11: Security Governance

Summary

Governance & the advantages of a framework

We discussed the various IT governance frameworks and the commonalities between frameworks

We then looked at information security and the different types of information security governance frameworks available and the impact standards and legislation had on corporate information

Page 12: Security Governance

Questions?

