
The Governance of Information Security
THE PRINCIPLES OF GOVERNANCE

Kevin Henry
CISSP-ISSAP, CISM CISA GSEC

kevinmhenry@msn.com
Agenda

- The Importance of Governance
- Defining Security Governance
- Governance versus Management structures
- Implementing Governance
Governance
The way that organizations or countries are managed
at the highest level, and the systems for doing this.

https://dictionary.cambridge.org/dictionary/english/governance
Purpose of Governance
The purpose of corporate governance is to facilitate effective,
entrepreneurial and prudent management that can deliver the
long-term success of the company.

https://www.icaew.com/technical/corporate-governance/principles/principles-articles/does-corporate-governance-matter
Corporate Governance
Corporate governance is the process and rules under which a
company is managed on behalf of shareholders and
stakeholders. The board of directors is primarily responsible for
applying and maintaining a company's corporate governance.
https://investinganswers.com/dictionary/c/corporate-governance
Characteristics and Terms Used with Governance

- Prudent
- Leadership
- Strategy
- Rules
- Actions
- Reporting

Comparison

Corporate Governance      Corporate Management
Strategic objectives      Resource utilization
Direction                 Implementation
Oversight                 Actions
Compliance                Performance
Common Elements

- Enterprise-wide
- Risk Management
- Culture
- Reporting
Governance Influencers

Governance is influenced by:
- Competitors
- Bankers
- Laws
- Supply chain
- Standards
- Employees
- Shareholders
- Management
- Customers
IT Governance
The management of IT services in support of business
objectives and strategy
Security Governance
The responsible implementation of security principles
and activities to support business strategy and mission.
Governance Elements

Corporate Governance
- Financial Governance
- IT Governance
- Security Governance

Not a complete list of governance functions

Each element is mutually supporting
Gaining Support

The Security Governance framework should be:
- More than just IT
- Supported by management
- Aligned with corporate governance
  - Business priorities
Theory and Practice

Governance can be lots of theory with no practical results, but that should not be the case.

Governance should be implemented through practical steps (to be examined in the following modules):
- Budget
- Frameworks
- Resources
- Management support
- Monitoring
- Continuous improvement
Governance Process

Strategic Objectives -> Performance Measurements

Key Points Review

- Governance is an important foundation for a successful organization
- It sets out the behaviors and actions of each part of the organization
- Security Governance is a subset of Corporate governance
Governance and Accountability

Accountability

The person that is held to account (liable) for the completion of a designated task
- e.g., the manager is accountable for the actions of their staff

Responsibility

The person that is assigned (required to complete) a task
- e.g., follow policy, direction
RACI

- Responsible
- Accountable
- Consulted
- Informed

Example of Roles: Information Security Policy

- Responsible: the assigned member of the security staff is responsible to write the policy and get it through draft and ready for approval
- Accountable: the manager of the security department is accountable to ensure the policy is done
- Consulted: the staff member consults with HR to write the policy
- Informed: the union is informed about the policy
Roles and Responsibilities

First, security is 'everybody's' business, BUT the Board of Directors is ultimately accountable.
Everyone is responsible.

Roles and Responsibilities

Senior management is accountable for oversight and implementation of the security governance framework.

Responsibilities

- Middle and Line Managers are responsible for following procedures, and accountable for the actions of their staff
- Users are responsible for following and adhering to security procedures and practices

Responsibilities

- Security staff are responsible for providing advice and leadership to the managers of the organization in regards to security
- Auditors are responsible for evaluating the effectiveness and appropriateness of controls
The Organizational Chart

The organizational chart is a useful tool to demonstrate and implement security governance.
It identifies reporting relationships, accountability and jurisdiction.
Creating a [Security] Culture

The methods and processes of governance are a key driver in creating the culture of the organization
- Provides direction, support, accountability, assurance
Tone at the Top

The development of a stable and ethical governance function provides the direction for the employees and managers
- The tone should be clear, open, unambiguous, legal, considerate
Awareness

Regular communications between management and employees and customers can build trust and confidence in the organization.
Key Points Review

Governance is based on both principles and principals: ethical conduct of senior management and the implementation of sound business practices.
