Information Security Governance Papers

Paper Title Exhibit 5 | Information Security Governance Framework Architect and Establish (Plan)
The Abstract of The Paper

[Exhibit 5 | Information Security Governance Framework. Panels: Architect and Establish (Plan), Management Processes; Implement and Operate (Do), Functional Processes; Monitor and Review (Check, Act), Management Processes. Source: Booz Allen Hamilton]

negotiation with prospective cloud service providers for inclusion in SLAs and contracts.

Our assumption in the following discussion is that management and governance processes are primarily the responsibility of a centralized information security function (such as the office of the Chief Information Security Officer [CISO]) for an agency or large government entity, with considerable participation by information technology management (such as the office of the Chief Information Officer [CIO]). This centralized security and technology group would perform the cloud provider acquisition function and manage the service provider relationship over the duration of the agreement. This group would also provide the information, policy, and guidelines necessary for users to follow when implementing cloud computing-based services.

Architecting and Establishing the Information Security Program (PLAN)

Designing and planning for an effective information security governance structure occurs through three major management processes: strategy and planning, policy portfolio management, and risk management. These processes comprise the Plan phase of the continual improvement process.

Strategy and Planning Process

Strategy and planning are essential to an effective information security management and governance program. The primary purposes of the strategy and planning process are to:

• Establish information security program direction and guide activities
• Ensure alignment of the information security program with mission goals and objectives
• Define the information security program vision, goals, requirements, and scope
Web Link http://www.slideshare.net/BoozAllen/information-security-governance-government-considerations-for-the-cloud-computing-environment
