Topic 3 - Approaches To Implementing Information Assurance
APPROACHES TO IMPLEMENTING INFORMATION ASSURANCE
Key Components of Info Assurance Approaches
• Example 1: high TCO and low ROI due to a focus on technology over people and process.
  Freshly installed tools become obsolete, but no people are trained to operate them.
• Example 2: high TCO and high ROI.
  Hiring info assurance employees, directing them to write policies, standards, and procedures, and having them perform risk assessment; the organization then determines the best requirements for technology: it purchases technology that meets a specific need and targets a specific risk (e.g. encryption for banking); the risk of a breach is reduced.
• Input for the strategic plan should not come merely from the CIO, CISO, or CSO (responsible for an information assurance program); support should also come from senior management personnel: the board of directors, CEO, and heads of business or IT functions.
• Eventually, support should come from all employees.
• This support can be stimulated by an effective security awareness program tailored to different groups of employees.
• Have considered
Key Components of Info Assurance Approaches
Level of Controls in Managing Security
Top-Down Approach
Bottom-Up Approach
Outsourcing and the Cloud
Balancing Info Assurance and Associated Costs