Information Security Governance Model
Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized / inappropriate access, use, disclosure, disruption, deletion / destruction, corruption, modification, inspection, recording or devaluation, although it may also involve reducing the adverse impacts of incidents. Information may take any form, e.g. electronic or physical, tangible (e.g. paperwork) or intangible (e.g. knowledge). Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity.
Below are the common mistakes around Information Security Governance.
- Security is seen as the concern of the security officers alone; the security officers are left to define the objectives for the security controls
- Security responsibility is assigned to a single manager only (or to managers only)
- ISO 27001/27002 control objectives are specified on the corporate or division level only
- Reliance on audits or security officers for the C (Check) step of the PDCA cycle
During this event, Hein will explain the recommended Information Security Governance Model that he has developed based on his recent experience at two organizations. Below is a summary of the Information Security Governance Model.
- Organise the PDCA cycle not only at the corporate level but also on the divisional and operational level.
- Formulate the ISO controls for each operational team and define what their specific security responsibilities are. Let the teams do a periodic self-assessment supported by security specialists.
- Organise a periodic management review at the divisional level. The team managers bring the reports by their own teams and appropriate actions are formulated. It might be that projects need to be started and as such you probably will have a security programme of projects.
- Because multiple teams can have a responsibility relating to a specific ISO control, someone must make sure that the sum of all those responsibilities adds up to what the organisation needs in total. The execution between teams might also need to be coordinated. For that you can group ISO controls into processes and assign a process manager to coordinate all the controls per process. One way to group the ISO controls is according to the ITIL processes.
We look forward to seeing you at the event.
Date: Wednesday 19th February 2020
Arrive: 7:00 AM
Presentation: 7:20 AM - 8:20 AM
Depart: 9:00 AM
Location: Castlereagh Boutique Hotel, 169 Castlereagh St, Sydney NSW 2000
Professional Development Units (PDU): 1 PDU can be claimed for attending this event.
Cost: Free for PMI Sydney Chapter Members (log in first), $40 for Guests
Note: If you are a PMI Sydney Chapter member, before registering for this event, please be sure to first log in to www.pmisydney.org via the home page. Refunds may not be given for members that have forgotten to log in first. If you have an issue logging in before registering for the event, please contact tech_support@pmisydney.org with your issue and do not register until the issue is resolved first.