Topic: Information Security and Risk scenario
IT Services - Information Risk Management
Source : http://searchsecurity.techtarget.com
last activity : 07 06 2010 20:18:04 +0000
Well, the use of technology by using a company's security dollars is much in use.
Establishing technology standards may be easy, but how to use them effectively:
Step 1: Understand and define your information risk universe
To develop a comprehensive information risk management (IRM) framework, CISOs must first define their responsibilities. For example, Forrester Research's framework consists of 17 domains that span people, processes and technology. But defining these domains by themselves will be useless unless each domain has appropriate controls to ensure confidentiality, integrity and availability of information.
Step 2: Determine confidentiality, integrity and availability requirements
Not all areas of a business require the same level of protection. Contractual obligations and legislative mandates may determine business controls for some organizations, but for many others, informed judgment calls in conjunction with partners in line-of-business jobs are necessary.
Step 3: Define your controls
The role of a security office has expanded considerably over the past few years. CISOs are now responsible for areas such as business continuity, disaster recovery and compliance. There are related areas that the CISO is not directly responsible for, such as physical security, applications development and IT operations, but these functions have huge implications for the overall security of information assets.
Step 4: Develop enforcement, monitoring and response mechanisms
An IRM framework must ensure that these controls are defined, enforced, measured, monitored and reported. For areas where these controls may not sufficiently mitigate the risk, CISOs must ensure that those risks are reduced, transferred or accepted.
Step 5: Measure and report
A lot of security managers are focused on gathering and reporting tactical and status update information. To develop a successful security metrics program, CISOs need to identify, prioritize, monitor and measure security based on business goals and objectives. They should then focus on translating those measurements into business language that can be of use to executive management when making strategic business decisions.
