Scribd Logo
Unggah

Selamat datang di Scribd!

  • Business Model Brochure

    Diunggah oleh

    Paulo Cezar Amado Cintra
    61 tayangan4 halaman
    The document introduces The Business Model for Information Security, which takes a holistic, business-oriented approach to managing information security. It addresses challenges like gaining senior management commitment to security initiatives and integrating business and security. The model examines security from a systems perspective and balances protection with business needs. It uses four elements - organization design/strategy, people, process, and technology - and considers their interconnections. The model helps align security with business objectives and maximize reputation, awareness, and ROI while reducing risk exposure.

    Deskripsi Asli:

    Hak Cipta

    © Attribution Non-Commercial (BY-NC)

    Format Tersedia

    PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    The document introduces The Business Model for Information Security, which takes a holistic, business-oriented approach to managing information security. It addresses challenges like gaining senior management commitment to security initiatives and integrating business and security. The model examines security from a systems perspective and balances protection with business needs. It uses four elements - organization design/strategy, people, process, and technology - and considers their interconnections. The model helps align security with business objectives and maximize reputation, awareness, and ROI while reducing risk exposure.

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    61 tayangan4 halaman

    Business Model Brochure

    Diunggah oleh

    Paulo Cezar Amado Cintra
    The document introduces The Business Model for Information Security, which takes a holistic, business-oriented approach to managing information security. It addresses challenges like gaining senior management commitment to security initiatives and integrating business and security. The model examines security from a systems perspective and balances protection with business needs. It uses four elements - organization design/strategy, people, process, and technology - and considers their interconnections. The model helps align security with business objectives and maximize reputation, awareness, and ROI while reducing risk exposure.

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 4

    The Business Model for Information Security

    A holistic and business-oriented approach to managing information security, and a common language for information security and business management to talk about information protection.

    www.isaca.org/bmis

    What if there was a model that would help security professionals address the complexity of security while encouraging a balance between protection and the business?
    There is:

    Do you face the following challenges?


    y Senior managements commitment to information security initiatives y Managements understanding of information security issues y Information security planning prior to implementation of new technologies y Integration between business and information security y Alignment of information security with the enterprises objectives y Executive and line managements ownership and accountability for implementing, monitoring and reporting on information security
    If so, you are not alone. These challenges are of concern to many security professionals, regardless of location. Although enterprises have improved security technologies, there are still gaps in areas such as security governance, human factors, culture, and planning for the unexpected. The Business Model for Information Security enables security professionals to examine security from systems perspective, creating an environment where security can be managed holistically, allowing actual risks to be addressed.

    The Business Model for Information Security.


    The Business Model for Information Security challenges conventional thinking and enables you to creatively re-evaluate your information security investment.

    Download your complimentary introductory guide now at

    www.isaca.org/bmis.

    www.isaca.org/bmis

    Why a Model?
    There is a lack of research and information available to information security managers to use in decision making. Although internationally accepted standards and frameworks help to fill the gap in the knowledge base, they traditionally have not looked at the enterprise as a system, considering things such as culture and emergence. And while there are existing models for security, they have not taken a holistic approach or look at security systemically. The Business Model for Information Security is a holistic and business-oriented approach to managing information security, and fills the gap that other standards and frameworks have not.

    The Business Model for Information Security:


    y Uses a business-oriented approach y Can be used regardless of an enterprises size or the information security framework it has in place y Focuses on people and processes in addition to technology. y Is independent of any particular technology and is applicable across all industries, countries, and regulatory and legal systems. y Includes traditional information security, as well as links to privacy, risk, physical security and compliance. y Enables information security professionals to align the security program with business objectives by helping to widen the view to the enterprise

    The Business Model for Information Security


    The Business Model for Information Security is made up of four elements and six dynamic interconnections. The Business Model looks at each of these areas in-depth and, more importantly, the relationships between the areas. The Business Model for Information Security can be viewed as a three-dimensional model, best visualized as a pyramid. All aspects of the Model interact with each other. If any one part of the Model is changed, not addressed or managed inappropriately, it will distort the balance of the Model. Elements y y y y Organization Design and Strategy People Process Technology

    Information security professionals can use The Business Model for Information Security to:
    y Help ensure the success of initiatives such as: Strategic alignment Risk management Value delivery Performance measurement Resource management Assurance process improvement y Have a common language for them to talk to business management about information protection

    Benefits of the model


    Effective use of the model can help the enterprise to: y Maximize reputation and brand y Increase awareness of security culture y Provide effective risk communication across the enterprise on information security y Provide ROI y Reduce information security exposure

    Dynamic Interconnections y y y y y y Culture Architecture Governing Emergence Enabling and Support Human Factors

    3701 Algonquin Road, Suite 1010 Rolling Meadows, Illinois 60008-3105, USA

    The Business Model for Information Security


    A holistic and business-oriented approach to managing information security, and a common language for information security and business management to talk about information protection.

    www.isaca.org/bmis

    Anda mungkin juga menyukai