Course: Information Security Management in e-governance. Day 1. Session 3: Models and Frameworks for Information Security Management


Slide 1: Course: Information Security Management in e-governance, Day 1, Session 3: Models and Frameworks for Information Security Management

Slide 2: Agenda
- Introduction to Enterprise Security framework
- Overview of security models, frameworks & standards
- Salient features of ISO security standards

Slide 3: What is Information Security?
ISO 27001:2005 defines this as:
- Confidentiality: the property that information is not made available or disclosed to unauthorized individuals, entities (programs), or processes (superseding processes).
- Integrity: the property of safeguarding the accuracy and completeness of assets.
- Availability: the property of being accessible and usable upon demand by an authorized entity.

Slide 4: Who Should be Concerned?
- Users: standards will affect them the most.
- System Support Personnel: they will be required to implement, adapt and support the standards.
- Executive Management: concerned about protection of data and the associated cost of the policy / standards.

Slide 5: Role of Standards
- Manage Information Security
- Identify assets and appropriately protect them
- Reduce the risks of human error, theft, fraud or misuse of facilities
- Prevent unauthorized access, damage and interference to business
- Ensure the correct and secure operation of information processing facilities
- Control access to information
- Ensure security is built into information systems
- Counteract interruptions to business activities
- Avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations

Slide 6: Why Best Practices are Important!
Today, the effective use of best practices can help avoid re-inventing wheels, optimize the use of scarce IT resources and reduce the occurrence of major IT risks, such as:
- Project failures
- Wasted investments
- Security breaches
- System crashes
- Failures by service providers to understand and meet customer requirements

Slide 7: Why Best Practices are Important!
COBIT, ITIL and ISO are valuable to the ongoing growth and success of an organization because:
- Companies are demanding better returns from IT investments
- Best practices help meet regulatory requirements for IT controls
- Organizations face increasingly complex IT-related risks
- Organizations can optimize costs by standardizing controls
- Best practices help organizations assess how IT is performing
- Management of IT is critical to the success of enterprise strategy
- They help enable effective governance of IT activities
- A management framework helps staff understand what to do (policy, internal controls and defined practices)
- They can provide efficiency gains, less reliance on experts, fewer errors, increased trust from business partners and respect from regulators

Slide 8: Benefits
- Productivity: Audit/Review Savings
- Breaking Barriers: Business Relationships
- Self-Analysis
- Security Awareness
- Targeting of Security
- 'Baseline' Security and Policy Consistency
- Communication

Slide 9: After adopting Standards
- Moved towards international best practice
- Manage the breadth and depth of information risk
- Build confidence in third parties
- Reduce the likelihood of disruption from major incidents
- Fight the growing threats of cybercrime
- Comply with legal and regulatory requirements
- Maintain business integrity
- Citizens' confidence: most important

Slide 10: Approach in Implementing Standards
- Support from Top Management
- Risk management: Accept, Mitigate, Transfer
- Well developed Security Policy
- Effective implementation of policy
- User awareness is most important
- Prevention is better than cure
- Periodic review / audit
- Understand fundamental system functionality
- Identify security issues due to gaps

Slide 11: Integrated IS Framework
[Diagram: the domains Service Management, Information Security, Project Management, Application Delivery, Business Continuity and IT Operations are shown alongside the frameworks COBIT, ITIL, ISO, ISO 27K, PMI, CMM and BS.]

Slide 12: Some of the Standards - Overview
- Environment (ISO 14001)
- Business Continuity (BS 25999)
- Quality (ISO 9001:2000, QS 9000)
- Organization Improvement (ISO 9004)
- Governance (COBIT)
- Information Security (ISO 27001, 27002)
- Customers (BS 8600)

Slide 13: ISO

Slide 14: History of ISO - Timeline
- 1992: The Department of Trade and Industry (DTI), which is part of the UK Government, publishes a 'Code of Practice for Information Security Management'.
- 1995: This document is amended and re-published by the British Standards Institute (BSI) as BS
- Support and compliance tools begin to emerge, such as COBRA.
- The first major revision of BS7799 is published. This includes many major enhancements.
- Accreditation and certification schemes are launched. LRQA and BSI are the first certification bodies.

Slide 15: History of ISO - The Timeline
- 2000: In December, BS7799 is again re-published, this time as a fast-tracked ISO standard. It becomes ISO (or more formally, ISO/IEC 17799).
- The 'ISO Toolkit' is launched.
- A second part to the standard is published: BS This is an Information Security Management Specification, rather than a code of practice. It begins the process of alignment with other management standards such as ISO
- A new version of ISO is published. This includes two new sections, and closer alignment with BS processes.
- ISO is published, replacing BS7799-2, which is withdrawn. This is a specification for an ISMS (information security management system), which aligns with ISO and is compatible with ISO 9001 and ISO

Slide 16: Where did come from?
BS7799 was conceived as a technology-neutral, vendor-neutral management system that, properly implemented, would enable an organization's management to assure itself that its information security measures and arrangements were effective.
From the outset, BS7799 focused on protecting the availability, confidentiality and integrity of organizational information, and these remain, today, the driving objectives of the standard.
BS7799 was originally just a single standard, and had the status of a Code of Practice. In other words, it provided guidance for organizations, but had not been written as a specification that could form the basis of an external third-party verification and certification scheme.

Slide 17: Overview ISO (base standard)
Published standards:
- ISO/IEC - the certification standard against which organizations' ISMS may be certified (published in 2005)
- ISO/IEC - the re-naming of existing standard ISO (last revised in 2005, and renumbered ISO/IEC 27002:2005 in July 2007)
- ISO/IEC - a guide to the certification/registration process (published in 2007)
In preparation:
- ISO/IEC - a standard vocabulary for the ISMS standards
- ISO/IEC - a new ISMS implementation guide
- ISO/IEC - a new standard for information security management measurements
- ISO/IEC - a proposed standard for risk management
- ISO/IEC - a guideline for auditing information security management systems
- ISO/IEC - a guideline for telecommunications in information security management systems
- ISO/IEC - guidance on implementing ISO/IEC in the healthcare industry

Slide 18: Well known ISO standards in the 27xxx series
- ISO - This is the specification for an information security management system & replaces old BS
- ISO - This is the new standard number of the existing ISO standard
- ISO - Designated number for a new standard covering information security management measurement & metrics
- ISO - Emerging standard for information security risk management

Slide 19: Where does ISO / fit in?

Slide 20: Implementation context for PDCA
The ISO Information Security Management System (ISMS) adopts the PDCA model:
- Plan (Design Phase): Establish the objectives and processes necessary to deliver results in accordance with the specifications.
- Do (Implementation Phase): Implement the processes.
- Check, AKA Study (Assessment Phase): Monitor and evaluate the processes and results against objectives and specifications, and report the outcome.
- Act (Manage, Authorize Phase): Apply actions to the outcome for necessary improvement. This means reviewing all steps (Plan, Do, Check, Act) and modifying the process to improve it before its next implementation.

Slide 21: PDCA Process
[Diagram: Interested Parties supply Information Security Requirements & Expectations to the ISMS process; the cycle runs PLAN (Establish ISMS), DO (Implement & Operate the ISMS), CHECK (Monitor & Review ISMS) and ACT (Maintain & Improve), under Management Responsibility, and returns Managed Information Security to the Interested Parties.]

Slide 22: BS ISO/IEC 27002:2005 (aka ISO 27002)
The international Standard that establishes the guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.
The full title of this standard is: Information technology. Security techniques. Code of practice for information security management.
ISO is technology independent, focusing on:
- Management aspects of information security
- Defining controls in a generic sense so that they are applicable across different applications, platforms, and technologies

Slide 23: Structure and Format of ISO
ISO/IEC is:
- A code of practice: a generic, advisory document, not truly a standard or formal specification
- A reasonably well structured set of suggested controls to address information security risks, covering confidentiality, integrity and availability aspects
ISO specifies 39 control objectives:
- To protect information assets against threats to their confidentiality, integrity and availability
- Which comprise a generic functional requirements specification for an organization's information security management controls architecture
- And suggests literally hundreds of best-practice information security control measures

Slide 24: Structure and Format of ISO
The formal standard is arranged in the following sections:
0. Introduction
1. Scope
2. Terms and definitions
3. Structure of this standard
4. Risk assessment
The actual control domains and detailed controls begin with Section 5.
Section 5: Security policy
Management should:
- Define a policy to clarify their direction of, and support for, information security
- Provide a high-level information security policy statement identifying key information security directives and mandates for the entire organization
- Support the policy by a comprehensive suite of more detailed corporate information security policies, typically in the form of an information security policy manual. The policy manual in turn is supported by a set of information security standards, procedures and guidelines

Slide 25: Structure and Format of ISO
Section 6: Organization of information security
A suitable information security governance structure should be designed and implemented.
6.1 Internal organization: The organization should have a management framework for information security. Senior management should approve information security policies. Roles and responsibilities should be defined. Information security should be independently reviewed.
6.2 External parties: Information security should not be compromised by the introduction of third party products or services. Risks should be assessed and mitigated when dealing with customers and in third party agreements.

Slide 26: Structure and Format of ISO
Section 7: Asset management
The organization should be in a position to understand what information assets it holds, and to manage their security appropriately.
7.1 Responsibility for assets: All [information] assets should be accounted for and have a nominated owner. The inventory should record ownership and location of the assets, and owners should identify acceptable uses. An inventory of information assets should be maintained, including:
- IT hardware, software
- data storage media
- computer room air conditioners and UPSs, and ICT services
- system documentation
7.2 Information classification: Information should be classified according to its need for security protection and labeled accordingly.

Slide 27: Structure and Format of ISO
Section 8: Human resources security
The organization should manage system access rights etc. for joiners, movers and leavers, and should undertake suitable security awareness, training and educational activities.
8.1 Prior to employment: Security responsibilities should be taken into account when recruiting permanent employees, contractors and temporary staff.
8.2 During employment: Management responsibilities regarding information security should be defined. Employees and third party IT users should be educated and trained in security procedures. A formal disciplinary process is necessary to handle security breaches.
8.3 Termination or change of employment: Security aspects of a person's exit from the organization (e.g. the return of corporate assets and removal of access rights) or change of responsibilities

Slide 28: Structure and Format of ISO
Section 9: Physical and environmental security
Valuable IT equipment should be physically protected against malicious or accidental damage or loss, overheating, loss of mains power etc.
9.1 Secure areas: This section describes the need for concentric layers of physical controls to protect sensitive IT facilities from unauthorized access.
9.2 Equipment security: Critical IT equipment, cabling and so on should be protected against physical damage, fire, flood, theft etc., both on- and off-site. Power supplies and cabling should be secured. IT equipment should be maintained properly and disposed of securely.

Slide 29: Structure and Format of ISO
Section 10: Communications and operations management
This lengthy, detailed section of the standard describes security controls for systems and network management:
- Operational procedures and responsibilities
- 10.2 Third party service delivery management
- 10.3 System planning and acceptance
- 10.4 Protection against malicious and mobile code
- 10.5 Back-up
- 10.6 Network security management
- 10.7 Media handling
- 10.8 Exchange of information
- 10.9 Electronic commerce services
- Monitoring

Slide 30: Structure and Format of ISO
Section 11: Access control
Logical access to IT systems, networks and data must be suitably controlled to prevent unauthorized use. This is another lengthy and detailed section:
- Business requirement for access control
- 11.2 User access management
- 11.3 User responsibilities
- 11.4 Network access control
- 11.5 Operating system access control
- 11.6 Application and information access control
- 11.7 Mobile computing and teleworking

Slide 31: Structure and Format of ISO
Section 12: Information systems acquisition, development and maintenance
Information security must be taken into account in the Systems Development Lifecycle (SDLC) processes for specifying, building/acquiring, testing, implementing and maintaining IT systems:
- Security requirements of information systems
- 12.2 Correct processing in application systems
- 12.3 Cryptographic controls
- 12.4 Security of system files
- 12.5 Security in development and support processes
- 12.6 Technical vulnerability management

Slide 32: Structure and Format of ISO
Section 13: Information security incident management
Information security events, incidents and weaknesses (including near-misses) should be promptly reported and properly managed.
Reporting of information security events and weaknesses: An incident reporting/alarm procedure is required, plus the associated response and escalation procedures. There should be a central point of contact, and all employees, contractors etc. should be informed of their incident reporting responsibilities.
Management of information security incidents and improvements: Responsibilities and procedures are required to manage incidents consistently and effectively, to implement continuous improvement (learning the lessons), and to collect forensic evidence.

Slide 33: Structure and Format of ISO
Section 14: Business continuity management
This section describes the relationship between IT disaster recovery planning, business continuity management and contingency planning, ranging from analysis and documentation through to regular exercising/testing of the plans. These controls are designed to minimize the impact of security incidents that happen despite the preventive controls noted elsewhere in the standard.
Section 15: Compliance
- 15.1 Compliance with legal requirements
- 15.2 Compliance with security policies and standards, and technical compliance
- 15.3 Information systems audit considerations

Slide 34: Implementation process cycle
[Diagram: the PDCA cycle (PLAN Establish ISMS; DO Implement & Operate the ISMS; CHECK Monitor & Review ISMS; ACT Maintain & Improve) annotated with the activities IS policy, security organisation, asset identification & classification, control selection & implementation, operationalize the processes, check processes, corrective & preventive actions, and management review.]

Slide 35: ITIL

Slide 36: Background
What is the Information Technology Infrastructure Library (ITIL)?
- Describes best practice in IT service management (ITSM) drawn from public and private sector IT organizations
- The primary objective of Service Management is to ensure that the IT services are aligned to the business needs and actively support them.
Benefits include:
- Increased user and customer satisfaction with IT services
- Improved service availability, directly leading to increased benefits, profits and revenue
- Financial savings from reduced rework, lost time, improved resource management and usage
- Improved time to market for new products and services
- Improved decision making and optimized risks
ITIL is a Registered Trade Mark, and Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office.

Slide 37: What is ITIL V3?
- ITIL is about more than just infrastructure
- Business-of-IT oriented approach
- Promotes a service-based approach to managing IT
- Includes discussion topics about strategic options, functions, roles and responsibilities as well as continual improvement
- Makes reference to other frameworks (e.g. COBIT, ISO 27001) and talks about better alignment to those
- Helps to provide a standardized process context
- Highlights the importance of process
- Identifies the core activities and metrics for its processes
- Requests measurement programs (baselining, benchmarking) to ensure performance (e.g. TCO, ROI, Costing/Pricing)
- Revised certification program for professionals, more structured and focused by processes

Slide 38: Version 3 Overview
- Service strategy: Service Portfolio Mgmt; Financial Mgmt; Demand Mgmt. Supporting material: service, organizational, process and technology maps
- Service design: Service Catalogue Mgmt; Service Level Mgmt; Supplier Mgmt; Capacity Mgmt; Availability Mgmt; IT Service Continuity Mgmt; Information Security Mgmt
- Service transition: Change Mgmt; Service Asset & Configuration Mgmt; Knowledge Mgmt; Transition Planning and Support; Release & Deployment Mgmt; Service Validation & Testing; Evaluation
- Service operation: Event Mgmt; Incident Mgmt; Request Fulfilment; Access Mgmt; Problem Mgmt. Functions: Service Desk; Technical Mgmt; IT Operations Mgmt; Applications Mgmt
- Continual Service Improvement: Seven Step Improvement Process

Slide 39: ITIL Version 3 - Service Design

Slide 40: Service Design - Goals & Objectives
Goal: The design of appropriate and innovative IT services, including their architectures, processes, policies, and documentation, to meet current and future agreed business requirements.
Objectives:
- Design services to meet agreed business outcomes
- Design processes to support the service lifecycle
- Identify and manage risks
- Design secure and resilient IT infrastructures, environments, applications and data/information resources and capability
- Design measurement methods and metrics

Slide 41: Service Design - Goals & Objectives (contd.)
Objectives (contd.):
- Produce and maintain plans, processes, policies, standards, architectures, frameworks and documents to support the design of quality IT solutions
- Develop skills and capability within IT
- Contribute to the overall improvement in IT service quality

Slide 42: Service Design - Processes covered in Service Design
- Service Catalogue Management: The purpose of SCM is to provide a single, consistent source of information on all of the agreed services, and ensure that it is widely available to those who are approved to access the service catalogue.
- Service Level Management: SLM negotiates, agrees and documents appropriate IT service targets with the business, and then monitors and produces reports on delivery against the agreed level of service.
- Capacity Management: The purpose of Capacity Management is to provide a point of focus and management for all capacity and performance-related issues, relating to both services and resources, and to match the capacity of IT to the agreed business demands.
- IT Service Continuity Management: The purpose of ITSCM is to maintain the appropriate on-going recovery capability within IT services to match the agreed needs, requirements and timescales of the business.

Slide 43: Service Design - Processes covered in Service Design (contd.)
- Availability Management: The purpose of Availability Management is to provide a point of focus and management for all availability-related issues, relating to services, components and resources, ensuring that availability targets in all areas are measured and achieved, and that they match or exceed the current and future agreed needs of the business in a cost-effective manner.
- Information Security Management: The purpose of the ISM process is to align IT security with business security and ensure that information security is effectively managed in all service and Service Management activities.
- Supplier Management: The purpose of the Supplier Management process is to obtain value for money from suppliers and to ensure that suppliers perform to the targets contained within their contracts and agreements, while conforming to all of the terms and conditions.

Slide 44: Service Design - IT Service Continuity Management (ITSCM)
ITSCM is concerned with managing an organisation's ability to continue to provide a pre-determined and agreed level of IT Services to support the minimum business requirements following an interruption to the business.
Goal: The goal of ITSCM is to support the overall Business Continuity Management process by ensuring that the required IT technical and service facilities (including computer systems, networks, applications, data repositories, telecommunications, technical support, and Service Desk) can be resumed within required, and agreed, business timescales.

Slide 45: Service Design - IT Service Continuity Management Objectives
- To maintain a set of IT Service Continuity Plans and IT recovery plans that support the overall Business Continuity Plans (BCPs) of the organization
- To complete regular Business Impact Analysis (BIA) exercises to ensure that all continuity plans are maintained in line with changing business impacts and requirements
- To conduct regular risk assessment and management exercises, in conjunction particularly with the business and the Availability Management and Security Management processes, that manage IT services within an agreed level of business risk

Slide 46: Service Design - IT Service Continuity Management Objectives
- To ensure that appropriate continuity and recovery mechanisms are put in place to meet or exceed the agreed business continuity targets
- To assess the impact of all changes on the IT Service Continuity Plans and IT recovery plans
- To ensure that proactive measures to improve the availability of services are implemented wherever it is cost justifiable to do so
- To negotiate and agree the necessary contracts with suppliers for the provision of the necessary recovery capability to support all continuity plans, in conjunction with the Supplier Management process

Slide 47: Service Design - IT Service Continuity Management
Lifecycle of Service Continuity Management (within Business Continuity Management, BCM), with key activities per stage:
- Initiation: Policy setting; Scope; Initiate a project
- Requirements and strategy (Business Continuity Strategy): Business Impact Analysis; Risk Assessment; IT Service Continuity Strategy
- Implementation (Business Continuity plans): Develop IT Service Continuity plans; Develop IT plans, recovery plans and procedures; Organization planning; Testing strategy
- On-going operation (Invocation): Education, awareness and training; Review and audit; Testing; Change Management

Slide 48: Service Design - IT Service Continuity Management KPIs
- Positive results from audits performed over the ITSCM plans to ensure that, at all times, the agreed recovery requirements of the business can be achieved
- Successful results from recovery testing
- Reduction in the risk and impact of possible failure of IT services
- Increased awareness of business impact, needs and requirements throughout IT
- Increased preparedness of all IT service areas and staff to respond to an invocation of the ITSCM plans

Slide 49: IT Service Continuity Management KPIs
- Response time to restore business operations after a disaster occurs, based on the type of recovery option chosen (i.e. manual, immediate, fast, intermediate, or gradual)
- Cost of service continuity management vs. cost incurred by the business in the event of an IT service loss. This could include both tangible (i.e. financial) and intangible (i.e. reputation) costs

Slide 50: COBIT - Control Objectives for Information & related Technology
- Accepted globally as a set of tools that ensures IT is working effectively
- Provides a common language to communicate goals, objectives and expected results to all stakeholders
- Based on, and integrates, industry standards and good practices in:
  - Strategic alignment of IT with business goals
  - Value delivery of services and new projects
  - Risk management
  - Resource management
  - Performance measurement

Slide 51: COBIT - Control Objectives for Information & related Technology
COBIT provides guidance for executive management to govern IT within the enterprise:
- More effective tools for IT to support business goals
- More transparent and predictable full life-cycle IT costs
- More timely and reliable information from IT
- Higher quality IT services and more successful projects
- More effective management of IT-related risks

Slide 52: Harmonizing the Elements of IT Governance
[Diagram: IT Governance, including Resource Management.]

Slide 53: The COBIT Framework

Slide 54: COBIT Defines Processes, Goals and Metrics
[Diagram: Relationship Amongst Process, Goals and Metrics (DS5).]

Slide 55: COBIT Products and Their Primary Audience
- COBIT, Risk IT and Val IT frameworks
- Implementing and Continually Improving IT Governance
- COBIT User Guide for Service Managers
- COBIT and Application Controls

Slide 56: End of Session


ITIL: What is it? How does ITIL link to COBIT and ISO 17799? ITIL: What is it? How does ITIL link to COBIT and ISO 17799? 1 What is ITIL? The IT Infrastructure Library A set of books comprising an IT service management Best Practices framework An industry of products,

More information

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation) It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Safeguards Frameworks and Controls. Security Functions Parker, D. B. (1984). The Many Faces of Data Vulnerability. IEEE Spectrum, 21(5), 46-49.

Safeguards Frameworks and Controls. Security Functions Parker, D. B. (1984). The Many Faces of Data Vulnerability. IEEE Spectrum, 21(5), 46-49. Safeguards Frameworks and Controls Theory of Secure Information Systems Features: Safeguards and Controls Richard Baskerville T 1 F 1 O 1 T 2 F 2 O 2 T 3 F 3 O 3 T 4... T n...... F l O m T F O Security

More information

Information Security Management System Policy

Information Security Management System Policy Information Security Management System Policy Public Version 3.3 Issued Document Name Owner P079A ISMS Security Policy Information Security Security Policies, Standards and Procedures emanate from the

More information

ITIL v3 (Lecture II) Service Management as a Practice

ITIL v3 (Lecture II) Service Management as a Practice ITIL v3 (Lecture II) as a Practice 1 Processes Availability mgmt Knowledge mgmt Service cont mgmt Evaluation Supplier mgmt Validation & Testing Access mgmt Financial mgmt Info security mgmt Release & Deploy

More information

Information Security Management System Information Security Policy

Information Security Management System Information Security Policy Management System Policy Version: 3.4 Issued Document Name: Owner: P079A - ISMS Security Policy Classification: Public Security Policies, Standards and Procedures emanate from the Policy which has been

More information

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

Information Security Managing The Risk

Information Security Managing The Risk Information Technology Capability Maturity Model Information Security Managing The Risk Introduction Information Security continues to be business critical and is increasingly complex to manage for the

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

ISO 27000 Information Security Management Systems Foundation

ISO 27000 Information Security Management Systems Foundation ISO 27000 Information Security Management Systems Foundation Professional Certifications Sample Questions Sample Questions 1. is one of the industry standards/best practices in Service Management and Quality

More information

ITIL A guide to service asset and configuration management

ITIL A guide to service asset and configuration management ITIL A guide to service asset and configuration management The goal of service asset and configuration management The goals of configuration management are to: Support many of the ITIL processes by providing

More information

ISO/IEC 27001 Information Security Management. Securing your information assets Product Guide

ISO/IEC 27001 Information Security Management. Securing your information assets Product Guide ISO/IEC 27001 Information Security Management Securing your information assets Product Guide What is ISO/IEC 27001? ISO/IEC 27001 is the international standard for information security management and details

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

ITSM Process Maturity Assessment

ITSM Process Maturity Assessment ITSM Process Maturity Assessment April 2011 Prepared by: Brian Newcomb TABLE OF CONTENTS Executive Summary... 3 Detailed Assessment Results and Recommendations... 5 Advisory Group Survey Results (External

More information

San Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP

San Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP Presented by Mike O. Villegas, CISA, CISSP Agenda Information Security (IS) Vision at Newegg.com Typical Issues at Most Organizations Information Security Governance Four Inter-related CoBIT Domains ISO

More information

Hengtian Information Security White Paper

Hengtian Information Security White Paper Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

ITIL Introducing service design

ITIL Introducing service design ITIL Introducing service design The objectives of service design The main objective of the service design stage can be defined as: The design of appropriate and innovative IT services, including their

More information

Preparation Guide. EXIN IT Service Management Associate Bridge based on ISO/IEC 20000

Preparation Guide. EXIN IT Service Management Associate Bridge based on ISO/IEC 20000 Preparation Guide EXIN IT Service Management Associate Bridge based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced,

More information

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Technology Service Manager Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI What is STAR Certification? TM STAR Certification is a unique new certification which

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project

Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project Introduction This Advice provides an overview of the steps agencies need to take

More information

Introduction to ITIL for Project Managers

Introduction to ITIL for Project Managers CSC NORTH AMERICAN PUBLIC SECTOR Introduction to ITIL for Project Managers May Chantilly Luncheon Linda Budiman, PMP ITILv2 & ITILv3 Process Architect ITIL Service Manager, CobiT certified 5/13/2008 8:08:45

More information

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents West Midlands Police and Crime Commissioner Records Management Policy 1 Contents 1 CONTENTS...2 2 INTRODUCTION...3 2.1 SCOPE...3 2.2 OVERVIEW & PURPOSE...3 2.3 ROLES AND RESPONSIBILITIES...5 COMMISSIONED

More information

Information Security Program

Information Security Program Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security

More information

Best Practice ITIL (Information Technology Infrastructure Library)

Best Practice ITIL (Information Technology Infrastructure Library) Best Practice ITIL (Information Technology Infrastructure Library) To achieve G H Bank s overall objectives, the Information Technology Group must provide excellent cutting-edge IT services to all stakeholders

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI What is STAR Certification? TM STAR Certification differentiates you from your competition.

More information

ITIL Roles Descriptions

ITIL Roles Descriptions ITIL Roles s Role Process Liaison Incident Analyst Operations Assurance Analyst Infrastructure Solution Architect Problem Manager Problem Owner Change Manager Change Owner CAB Member Release Analyst Test

More information

Does it state the management commitment and set out the organizational approach to managing information security?

Does it state the management commitment and set out the organizational approach to managing information security? Risk Assessment Check List Information Security Policy 1. Information security policy document Does an Information security policy exist, which is approved by the management, published and communicated

More information

Information security management systems Specification with guidance for use

Information security management systems Specification with guidance for use BRITISH STANDARD BS 7799-2:2002 Information security management systems Specification with guidance for use ICS 03.100.01; 35.020 This British Standard, having been prepared under the direction of the

More information

Preparation Guide. EXIN IT Service Management Associate based on ISO/IEC 20000

Preparation Guide. EXIN IT Service Management Associate based on ISO/IEC 20000 Preparation Guide EXIN IT Service Management Associate based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced, copied

More information

Domain 5 Information Security Governance and Risk Management

Domain 5 Information Security Governance and Risk Management Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

WHITE PAPER December, 2008

WHITE PAPER December, 2008 INTRODUCTION Key to most IT organization s ongoing success is the leadership team s ability to anticipate, plan for, and adapt to change. With ever changing business/mission requirements, customer/user

More information

Integrating Project Management and Service Management

Integrating Project Management and Service Management Integrating Project and Integrating Project and By Reg Lo with contributions from Michael Robinson. 1 Introduction Project has become a well recognized management discipline within IT. is also becoming

More information

INFORMATION SECURITY PROCEDURES

INFORMATION SECURITY PROCEDURES INFORMATION AN INFORMATION SECURITY PROCEURES Parent Policy Title Information Security Policy Associated ocuments Use of Computer Facilities Statute 2009 Risk Management Policy Risk Management Procedures

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Document Type Corporate Policy Unique Identifier CO-038 Document Purpose To provide a structure through which: i. A comprehensive business continuity management system (BCMS)

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

Information Security Awareness Training

Information Security Awareness Training Information Security Awareness Training Presenter: William F. Slater, III M.S., MBA, PMP, CISSP, CISA, ISO 27002 1 Agenda Why are we doing this? Objectives What is Information Security? What is Information

More information

ITIL Foundation for IT Service Management 2011 Edition

ITIL Foundation for IT Service Management 2011 Edition ITIL Foundation for IT Service Management 2011 Edition ITIL Rev 03.12 3 days Description ITIL (IT Infrastructure Library) provides a practical, no-nonsense framework for identifying, planning, delivering

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

IT Governance: The benefits of an Information Security Management System

IT Governance: The benefits of an Information Security Management System IT Governance: The benefits of an Information Security Management System Katerina Cai, CISSP Hewlett-Packard 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to

More information

Managing e-health data: Security management. Marc Nyssen Medical Informatics VUB Master in Health Telematics KIST E-mail: mnyssen@vub.ac.

Managing e-health data: Security management. Marc Nyssen Medical Informatics VUB Master in Health Telematics KIST E-mail: mnyssen@vub.ac. Managing e-health data: Security management Marc Nyssen Medical Informatics VUB Master in Health Telematics KIST E-mail: mnyssen@vub.ac.be Structure of the presentation Data management: need for a clear

More information

Frameworks for IT Management

Frameworks for IT Management Frameworks for IT Management Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen.net 18 ITIL - the IT Infrastructure

More information

ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting

ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting Date November 2011 Company UXC Consulting Version Version 1.5 Contact info@uxcconsulting.com.au http://www.uxcconsulting.com.au This summary

More information

ITIL V3 and ISO/IEC 20000

ITIL V3 and ISO/IEC 20000 For IT Service Management ITIL V3 and ISO/IEC 20000 Jenny Dugmore and Sharon Taylor Alignment White Paper March 2008 ITIL V3 and ISO/IEC 20000 Background For some years the close relationship between ITIL

More information

Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide

Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide Transition Guide Moving from BS 25999-2 to ISO 22301 The new international standard for business continuity management systems Extract from The Route Map to Business Continuity Management: Meeting the

More information

Draft Information Technology Policy

Draft Information Technology Policy Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software

More information

ITIL v3. Service Management

ITIL v3. Service Management ITIL v3 1 as a Practice ITIL = IT Infrastructure Library Set of books giving guidance on the provision of quality IT services Common language Best practices in delivery of IT services Not standards! Platform

More information

Is securing personal information a priority? Reassure clients and achieve data protection compliance with BS 10012

Is securing personal information a priority? Reassure clients and achieve data protection compliance with BS 10012 Is securing personal information a priority? Reassure clients and achieve data protection compliance with BS 10012 Make protection of personal information your priority and safeguard your reputation. Comply

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

ITIL - QUICK REFERENCE GUIDE

ITIL - QUICK REFERENCE GUIDE http://www.tutorialspoint.com/itil/itil_quick_guide.htm ITIL - QUICK REFERENCE GUIDE Copyright tutorialspoint.com ITIL Overview ITIL is a framework providing best practice guidelines on all aspects of

More information

CLASSIFICATION SPECIFICATION FORM

CLASSIFICATION SPECIFICATION FORM www.mpi.mb.ca CLASSIFICATION SPECIFICATION FORM Human Resources CLASSIFICATION TITLE: POSITION TITLE: (If different from above) DEPARTMENT: DIVISION: LOCATION: Executive Director Executive Director, Information

More information

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

REGULATIONS FOR THE SECURITY OF INTERNET BANKING REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY

More information

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy.

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy. Abstract This paper addresses the methods and methodologies required to develop a corporate security policy that will effectively protect a company's assets. Date: January 1, 2000 Authors: J.D. Smith,

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Information Security Management Systems Conformity Assessment Scheme ISO/IEC 27001:2005 (JIS Q 27001:2006) ITMangement Center Japan Information Processing Development

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

ISO 27001: Information Security and the Road to Certification

ISO 27001: Information Security and the Road to Certification ISO 27001: Information Security and the Road to Certification White paper Abstract An information security management system (ISMS) is an essential part of an organization s defense against cyberattacks

More information

Information Technology Infrastructure Library -ITIL. IT Governance CEN 667

Information Technology Infrastructure Library -ITIL. IT Governance CEN 667 Information Technology Infrastructure Library -ITIL IT Governance CEN 667 1 Lectures Schedule Week Topic Introduction to IT governance Week 1 Overwiev of Information Security standards - ISO 27000 series

More information

Determining Best Fit. for ITIL Implementations

Determining Best Fit. for ITIL Implementations Determining Best Fit for ITIL Implementations Michael Harris President David Consulting Group Agenda Why ITIL? The Evolution of IT Metrics Towards the Business What do businesses need from IT Introduction

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include

More information

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business

More information

ISO 27002:2013 Version Change Summary

ISO 27002:2013 Version Change Summary Information Shield www.informationshield.com 888.641.0500 sales@informationshield.com Information Security Policies Made Easy ISO 27002:2013 Version Change Summary This table highlights the control category

More information

Roles within ITIL V3. Contents

Roles within ITIL V3. Contents Roles within ITIL V3 Roles are employed in order to define responsibilities. In particular, they are used to assign Process Owners to the various ITIL V3 processes, and to illustrate responsibilities for

More information

Hong Kong Information Security Group TRAINING AGENDA

Hong Kong Information Security Group TRAINING AGENDA TRAINING AGENDA THE ITIL FOUNDATION CERTIFICATE IN IT SEVICE MANAGEMENT The purpose of the ITIL Foundation certificate in IT Service Management is to certify that the candidate has gained knowledge of

More information

Information Security Policy

Information Security Policy Office of the Prime Minister document CIMU P 0016:2003 Version: 2.0 Effective date: 01 Oct 2003 Information 1. statement i) General The Public Service of the Government of Malta (Public Service) shall

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security

More information