Information Security Governance Papers

Paper Title: Where does your organization stand in governing information security risk management, control strategy, and compliance?

The Abstract of The Paper:

The problem.
Many organizations mistakenly believe that "information security" is the same thing as "IT security". Managing and controlling access to information, whether electronic or hard copy, is now a concern throughout the entire organization. Today, the concern for controlling information confidentiality, integrity, and availability even extends beyond the organization's boundaries to how information is regulated, how it is used and protected by vendors, and how the expectations of our customers and trading partners affect our current information management processes. In short, managing information security has become much, much more than keeping hackers out of an IT network. It has become a corporate governance issue that requires professional management and oversight according to international standards.

The solution.
Your organization needs to migrate from IT-centric information security management, which often lacks proper segregation of duties, to a fully mature program that is planned, deployed, monitored, and continually improved according to a set of internationally recognized standards. Better yet, your organization can then move forward to have its information security management system certified by the International Organization for Standardization, or ISO.

How we can help.
Certified Information Security has the knowledge, experience, and alliances to train your people. Allen Keele, the firm's founder, is a Certified Information Systems Security Professional, Certified Information Systems Auditor, Certified Information Security Manager, and Certified Fraud Examiner. He has delivered custom-developed information security training sessions to organizations throughout the world, including the United States, Caribbean, Africa, Europe, and Asia for over 10 years.
Exploring the use of ISO/IEC standards 27001 and 27002, this course provides critical information for understanding the business drivers for information security, as well as the core concepts for planning and implementing information security according to internationally accepted best practices. This course also includes thorough instruction in the recently released risk assessment framework ISO/IEC Standard 27005:2008, and how it can support the ISO 27001 information security management system.
Web Link: http://www.certifiedinfosec.com/index.php?option=com_content&view=article&id=21&Itemid=38
