Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 4 of the Executive Guide manual

Published byBernadette Clarke Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 4 of the Executive Guide manual"— Presentation transcript:

1 Chapter 4 of the Executive Guide manual
PEOPLE

2 Overview People are the most important component of effective info security program 3 key areas for security evaluation framework Strategy Components Administrations

3 People Strategy Information security strategy must be updated regularly due to new daily challenges/threats Measuring prevented security breaches helps to quantify the effectiveness of your security program Ensure compliance with regulations (HIPPA, Gram Leach Bliely, PCI, etc) Certifications for your Security Program is an indication of program best practice

4 People Components Assess personnel skills & credentials to ensure program’s success. Having dedicated information security org. indicates that Mngt is committed to a quality security program. Leaders who is qualified, informed and flexible to adapt to increasing security challenges.

5 People Administrations
Must have well defined roles & responsibilities Have authority to enforce policies Commitment from C suites Regular reporting to Executives and Board ensure appropriate oversight. SOD Support & involvement of key organizations (legal, HR, audit, etc. )

6 People Administrations Cont.
Global program Must include Risk management Aligns with business goals by understanding risk associated with existing and new products & services Have right people in the org. is paramount to overall success of the security program. Review table 4-1 for people evaluation of your security program.

7 Strategy Provide adequate training & have accountabilty
Identify a baseline and hire the right people with the skills and credential to ensure program success 2 staffing strategies Built in-house ( hire into the co) Outsource (3rd party ) What must NOT be outsourced?

8 In-House vs Outsources
In-House Pros & Cons Outsources Pros & Cons Challenges in finding skilled staff Retained knowledge Robust security functions Training SLA Ensure compliance with increasing regulations Enable Co to concentrate on core competencies Must have effective vendor governance process Knowledge transfers Vendor financial stability Service Level Agreement (SLA) Auditable clause Exit strategy

9 Components Invest resources to hire & develop security team
3 categories of personnel Management Technical Audit staff Individuals needs to be both technical and business savy

10 Who has the ultimate responsibility to ensure customer data is secure
Outsourced vendor or Company?

11 Management Staff Need broad understanding of info security and business operations Need breath & depth experiences Needs to have education & credentials CISSP, CISM, CISA, GIAC etc..

12 Technical Staff Have the knowledge and skills for specific area of expertise & some business knowledge Be certified in the specific areas of concentrations (see SAN list) Continued education to stay abreast on current events & technology changes

13 Administrations Everyone plays a role in information security
Tone at the top is critical for the success of the program Policy & procedures provides guidance for people to execute security programs Review Info Security Roles & responsibilities table 4-3

14 Roles & Responsibility Matrix

15 Organizational Structure
Functional/Centralized Geographic/Decentralized Personnel remain w/in area of expertise Better utilization of scare resources Recourse are not close to customer/user Specialized expertises Closer relationships with clients Can encourage personnel to adhered to security program Jack of all trades

16 SOD Matrix

17 Information Security Governance
Ideal to have a board Responsibilities include Define goals/directions of a security program Establish polices Provide resources Review KPI/Metrics on IT Operations Make critical decisions regarding security systems Sr. Management from Key Operations ( IT, HR Legal, Audit, etc.

18 Governance cont. Security program align w/ Co. strategy
IT investments align w/ business priorities Perform benchmark to ensure best practices Audit security program periodically

19 Summary Key Points People are ???
Reporting relationship btw Information Security management and Executives & Board is important because it give enforcement power to support security program Pro & Cons of in-house vs outsource security program People skills, training, certifications are important Having appropriate governance in place ensure support system is place.

Download ppt "Chapter 4 of the Executive Guide manual"

Similar presentations

Board Governance: A Key to Quality Organizations

Board Governance: A Key to Quality Organizations
Module N° 7 – SSP training programme

Module N° 7 – SSP training programme
Module N° 4 – ICAO SSP framework

Module N° 4 – ICAO SSP framework
Organizational Governance

Organizational Governance
Business Partnership Model Aligning HR Service with organisation strategy.

Business Partnership Model Aligning HR Service with organisation strategy.
SAFE AND WELL Angela McKinnon Feb. 2006. What is Safe and Well? A document building on previous guidance - part of the SE reform programme Supplement.

SAFE AND WELL Angela McKinnon Feb What is Safe and Well? A document building on previous guidance - part of the SE reform programme Supplement.
B B1 We are the champions Louise Brent, risk manager, London Borough of Lambeth.

B B1 We are the champions Louise Brent, risk manager, London Borough of Lambeth.
CUPA-HR Strong – together!

CUPA-HR Strong – together!
Administration, Management, and Coordination of Supportive Housing: Guidelines from CSH’s Dimensions of Quality MHSA TA Operations Call September 1, 2010.

Administration, Management, and Coordination of Supportive Housing: Guidelines from CSH’s Dimensions of Quality MHSA TA Operations Call September 1, 2010.
Outsourcing – Managing for Success Stuart Payne, Morgan Chambers Copyright © 1999 Morgan Chambers plc Copyright © 1999 Morgan.

Outsourcing – Managing for Success Stuart Payne, Morgan Chambers Copyright © 1999 Morgan Chambers plc Copyright © 1999 Morgan.
Security and Personnel

Security and Personnel
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
IT Governance and Management

IT Governance and Management
Software Development Contracts and Legal Issues Cost plus Fixed price Combined.

Software Development Contracts and Legal Issues Cost plus Fixed price Combined.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Vendor Management Frequent regulatory findings:

Vendor Management Frequent regulatory findings:
Presented By: Donna Denker, CPA Donna Denker & Associates.

Presented By: Donna Denker, CPA Donna Denker & Associates.
Legal & Administrative Oversight of NGOs Establishing and Monitoring Performance Standards.

Legal & Administrative Oversight of NGOs Establishing and Monitoring Performance Standards.
SCC EHR Workshop for Contractors: Implementation Considerations May 25, 2011.

SCC EHR Workshop for Contractors: Implementation Considerations May 25, 2011.

Similar presentations

Ads by Google