The 10 Deadly Sins of Information Security Management


1 The 10 Deadly Sins of Information Security Management
Basie von Solms & Rossouw von Solms, Computers & Security (23), 2004
Presented by Bhavana Reshaboina

2 Introduction
The authors discuss 10 essential aspects to be taken into account when planning and implementing an information security program

3 Information Security Is A Corporate Governance Responsibility
Laws and legal requirements emphasize the integration of information security with corporate governance
Compromised informational assets can lead to financial and legal implications
Top management has to be involved in ensuring the protection of sensitive information

4 Information Protection Is Not A Technical Issue Alone
Securing informational assets is a business issue as much as it is a technical one
Information protection is an investment
Investment decisions are business decisions

5 Information Security Governance Is A Multi-dimensional Discipline
Various dimensions collectively contribute towards a secure environment
Some examples are legal, personnel, technical, ethical, organizational, etc.
Relying on a single dimension, product or tool results in lopsided solutions
All the important dimensions should be taken into account

6 Information Security Plan Must Be Based On Identified Risks
Know what assets need protection
Know what the potential threats are
If security planning is not based on risk analysis, time and money are spent on unclear objectives

7 Adopting Best Practices For Information Security Governance
Learn from the successes and failures of others
The ‘bread & butter’ aspects of information security are the same in most IT environments
The challenge is to ‘Do the right thing at the right time’
Use of documented ‘Standards and Guidelines’ should be the starting point

8 A Corporate Information Security Policy Is Absolutely Essential
The security policy is the heart of any security management plan
It is the starting point and reference on which all other security-related sub-policies or standards are based
It must be signed by the top executives of the company

9 Information Security Compliance Enforcement And Management Are Essential
A perfect security policy is of no use if it is not enforced
Continuous monitoring is needed to ensure proper compliance
‘That which can be measured can be managed’
Technical and non-technical tools must be used to monitor compliance with the policy in real time

10 Proper Information Security Governance Structure Is Essential
Governance structure refers to organizational structure, job responsibilities, communication flow, etc.
Structured chaos is good
It brings clarity and accountability to the security management plan

11 Information Security Awareness Among Users Is Important
Users unaware of the security policies and of the potential risks arising from their activities render the best security planning ineffective
Users should not be made the weakest link
Money spent on user awareness is some of the best money spent on information security

12 Empower Managers To Support Information Security
The information security manager cannot run a one-man show
The necessary infrastructure, tools and supporting mechanisms need to be provided

13 Conclusions
Creating and implementing a proper information security program is based on an understanding of the essential issues unique to IT security
Any plan that addresses these core issues would serve to protect the IT assets suitably

14 Thank You! Questions and comments are welcome
