Information Security Governance Papers

The Abstract of The Paper

significantly depending on CCE deployment and the service models employed. However, other Booz Allen papers address the implementation and operation of information security functional processes and controls, and this topic is not essential to discussions related to the effective management and governance of information security in a cloud environment.

Monitoring and Measuring the Information Security Program (CHECK)

Three management processes are included in the Check phase of the information security management and governance framework: awareness and training, communication and outreach, and compliance and performance management. Of these three, the compliance and performance management process represents the area with the most significant issues for consideration when migrating services to a CCE.

Awareness and Training and Communication and Outreach Processes

[Figure: information security management and governance framework. Phases: Architect and Establish (Plan), Management Processes; Implement and Operate (Do), Functional Processes; Monitor and Review (Check, Act), Management Processes.]

The major purposes of these management processes are complementary and similar. The purposes include:
• Consistently communicate the importance of information security throughout the organization
• Educate staff on required actions related to changes in regulatory, legislative, and other mandates
• Broaden and deepen the security awareness of the organization
• Enhance compliance through better understanding and knowledge
• Clarify roles and responsibilities
• Drive the ongoing competency of information security staff.

Execution of these important management processes will not vary as a result of the introduction of a CCE. However, the processes will need to include formal awareness, training, communication, and outreach to inform all relevant agency users of the new policies, guidelines, standards, procedures, risks, and compliance issues related to the migration of information services to a CCE.

Compliance and Performance Management Process

[Figure: information security management and governance framework. Phases: Architect and Establish (Plan), Management Processes; Implement and Operate (Do), Functional Processes; Monitor and Review (Check, Act), Management Processes.]

Compliance and performance management is the key process in the Check phase of the framework. The primary purposes of the process include:
• Create regular measurement and reporting of progress and issues
• Inform and prioritize program improvements
• Record progress toward achieving strategic goals and compliance with requirements
• Drive continuous improvement of the information security program
• Minimize potential for recurrence of systemic issues
• Optimize consistency and efficiency of security implementations
• Inform modifications to risk analyses and risk mitigations
Web Link http://www.slideshare.net/BoozAllen/information-security-governance-government-considerations-for-the-cloud-computing-environment
