Platform voor Informatiebeveiliging IB Governance en management dashboards




Platform for Information Security: IS Governance and Management Dashboards. Johan Bakker MSc CISSP ISSAP, Principal Policy Advisor, KPN Corporate Center Information Security Governance

Slide 1: Agenda
Drivers for information security at KPN; KPN Corporate Security Policy (CSP); Security Governance; Security Compliance; Questions?

Slide 2: Drivers for information security at KPN
Diagram, flattened by extraction: the business and the business strategy; laws and regulations (Opta, SOx, TW, NMa, WBP, Basel2); partners and suppliers (SAS70, ISO 27001); product chains and customers (PCI, TPM, ITIL); and the Security Policy. Tagline: the customer, the law and the chain.

Slide 3: KPN Corporate Security Policy. How do we do this at KPN?
The Corporate Security Policy (CSP) is part of the Business Control Framework (BCF). It was signed by the CFO on 4 September 2006 and is thereby the security policy in force. It is based on a Security Management System (SMS): a risk-driven cyclical process (based on ISO 27001) with a method to select controls (from ISO 27002). Roll-out in progress.

Slide 4: KPN Corporate Security Policy. The CSP Framework
Layers: Policy, Rules, Means. Components: Corporate Security Policy; Security Management Requirements; Design principles and axioms; Implementation Manual; CSP Compliance Framework; Baseline Security Controls; Guidelines, templates, methods, tools; Introduction into the CSPF; Functional Security Policies; Report Repository. Tagline: built up in layers.

Slide 5: KPN Corporate Security Policy. Three levels of security management
Strategic: Security Governance and compliance; Policy, Organization & Management; the CISO is owner of the Corporate Security Policy; MT CISO / CFO.
Tactical: TRU, Tactical Reporting Unit (Consumer, Business, Wholesale, Internal IT, Corporate), each with its MT; aggregated reporting & compliance.
Operational: ORU, Operational Reporting Unit (for example IPB, Internet, IP-TV, Mobile, Fixed telephony), each with its MT; business requirements & reporting (Products & Services) [= business alignment].
Tagline: hierarchical and in the supply chain.

Slide 6: Security Governance - Hierarchical

| | Strategic | Tactical | Operational |
|---|---|---|---|
| Scope | KPN Enterprise | Tactical Reporting Unit | Product(s), service(s) or process(es) |
| Context | Market, legal, regulatory, societal developments, KPN Mission | Business developments, demand/supply chain, tactical scopes, CSP | Customer requirements, CSP and local policies and procedures |
| Security aspects | Enterprise impact, tactical level of compliance | Business impact, operational level of compliance | Confidentiality, Integrity and Availability |
| Assets | The KPN Brand(s) | Products, services and processes | Typical information assets |
| Risks | Enterprise risks | Business risks | Security risks |
| Controls | CSP Framework, tactical ISMSs | SLAs, local policies, operational ISMSs | ISO/IEC 27002 controls |

Slide 7: Security Governance - Supply chain
Roles in the supply chain: Owner, Customer, Implementer, Operator. Relations between them (diagram flattened by extraction): Requirements, Agreements, PWB, Development contract, Handover, Service delivery, Service Contract, SLA. Tagline: the responsibilities described.

Slide 8: Compliance reporting - Hierarchical. Every TRU aggregates and reports
Organisation and management: Who is the policy holder for the TRU? Which ORUs report on security? Who on those ORUs is accountable for security? Who on those ORUs is responsible for security?
Degree of implementation: For which ORUs have AC, BIA and RA been carried out? Have the baseline controls been implemented, and to what degree?
Reported security exceptions.
Tagline: the degree of maturity.

Slide 9: Compliance reporting - Supply chain. In the supply chain the following applies
External (to the customer and from the supplier): SLA reporting, ISO 27001 certificates, TPMs, SAS 70 statements.
Internal: SLAs between business units; compliance reports of the security services (HR, Facilities, CPO, IT, Corp); KPN audit reports.
Tagline: what has been agreed with the customer.

Slide 10: Compliance reporting - Dashboard. At corporate level
Quarterly report to the Executive Board (RvB): traffic-light report on the compliance of the TRUs; high-profile incidents; trends and developments; statistics: abuse reports, spam and viruses, integrity investigations.
Tagline: we oversee the whole.
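As an added illustration (not from the slides and not KPN's own tooling), the following Python models how the answers an ORU gives to the questions on slide 8 (accountable and responsible persons named, AC/BIA/RA performed, baseline controls implemented, open security exceptions) can be rolled up by each TRU into the traffic-light view of slide 10. The scoring thresholds, field names and sample figures are assumptions made for the example; the aggregation rule is worst-colour-wins, with per-colour counts kept for the dashboard table.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Traffic-light colours in order of severity; aggregation takes the worst.
GREEN, AMBER, RED = "green", "amber", "red"
_SEVERITY = {GREEN: 0, AMBER: 1, RED: 2}


@dataclass(frozen=True)
class OruReport:
    """What one Operational Reporting Unit (ORU) reports upward to its TRU.

    The fields mirror the questions on the slide; the thresholds used below
    are assumed for illustration, not KPN's actual scoring rules.
    """
    name: str
    accountable: Optional[str]     # who is accountable for security on the ORU
    responsible: Optional[str]     # who is responsible for security on the ORU
    ac_done: bool                  # AC carried out
    bia_done: bool                 # BIA carried out
    ra_done: bool                  # RA carried out
    baseline_total: int            # number of applicable baseline controls
    baseline_implemented: int      # how many of them are implemented
    open_exceptions: int           # reported security exceptions still open


def oru_status(r: OruReport) -> Tuple[str, List[str]]:
    """Score a single ORU and return (colour, findings)."""
    findings: List[str] = []
    colour = GREEN

    def worsen(new: str, reason: str) -> None:
        nonlocal colour
        findings.append(reason)
        if _SEVERITY[new] > _SEVERITY[colour]:
            colour = new

    # Organisation and management: both roles must be filled.
    if not r.accountable or not r.responsible:
        worsen(RED, "no accountable or responsible person named")
    # Degree of implementation: all three analyses must have been done.
    missing = [n for n, done in (("AC", r.ac_done), ("BIA", r.bia_done), ("RA", r.ra_done)) if not done]
    if missing:
        worsen(RED, "analyses not carried out: " + ", ".join(missing))
    # Baseline controls: assumed thresholds of 60% (red) and 90% (amber).
    ratio = r.baseline_implemented / r.baseline_total if r.baseline_total else 0.0
    if ratio < 0.6:
        worsen(RED, f"baseline controls implemented {ratio:.0%} (< 60%)")
    elif ratio < 0.9:
        worsen(AMBER, f"baseline controls implemented {ratio:.0%} (< 90%)")
    # Any open security exception keeps the unit from being green.
    if r.open_exceptions:
        worsen(AMBER, f"{r.open_exceptions} open security exception(s)")
    return colour, findings


def tru_status(reports: List[OruReport]) -> dict:
    """Aggregate to TRU level: the worst ORU colour wins, and the per-colour
    counts feed the traffic-light table."""
    per_oru = {r.name: oru_status(r) for r in reports}
    counts = {GREEN: 0, AMBER: 0, RED: 0}
    for c, _ in per_oru.values():
        counts[c] += 1
    overall = max((c for c, _ in per_oru.values()), key=_SEVERITY.get, default=GREEN)
    return {"status": overall, "counts": counts, "orus": per_oru}


def corporate_dashboard(trus: Dict[str, List[OruReport]]) -> dict:
    """trus maps TRU name -> list of ORU reports; returns the quarterly view per TRU."""
    return {tru: tru_status(reports) for tru, reports in trus.items()}


# Constructed sample data (not real KPN figures); TRU and product names follow the slides.
SAMPLE = {
    "Consumer": [
        OruReport("Internet", "A. Manager", "B. Engineer", True, True, True, 20, 19, 0),
        OruReport("IP-TV", "C. Manager", "D. Engineer", True, True, False, 20, 15, 2),
    ],
    "Wholesale": [
        OruReport("Fixed telephony", "E. Manager", None, True, True, True, 20, 20, 0),
    ],
    "Internal IT": [
        OruReport("Workplace", "F. Manager", "G. Engineer", True, True, True, 20, 17, 1),
    ],
}

if __name__ == "__main__":
    for tru, view in corporate_dashboard(SAMPLE).items():
        print(f"{tru:12} {view['status']:6} {view['counts']}")
        for oru, (c, findings) in view["orus"].items():
            print(f"  {oru:16} {c:6} {'; '.join(findings) or 'ok'}")
```

Worst-colour-wins is deliberate: a TRU whose every ORU but one is green is still not green, which is what a board-level stoplight has to convey. The findings list carries the reason for each colour so that the aggregate remains traceable back to the ORU question that produced it.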

Slide 11: Questions?