Scribd Logo
Upload

Welcome to Scribd!

  • Module-4: Information Security Management and Metrics

    Uploaded by

    Sukriti Jaitly
    14 views8 pages
    This document discusses information security management and metrics. It describes the typical team structure for information and data security, including the board of directors who are responsible for protecting shareholder interests and understanding business risks, a security steering committee that sets strategic direction and reviews program performance, and executive management who must be aware of confidentiality, integrity and availability risks.

    Original Description:

    informotion sec

    Original Title

    spanish

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses information security management and metrics. It describes the typical team structure for information and data security, including the board of directors who are responsible for protecting shareholder interests and understanding business risks, a security steering committee that sets strategic direction and reviews program performance, and executive management who must be aware of confidentiality, integrity and availability risks.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    14 views8 pages

    Module-4: Information Security Management and Metrics

    Uploaded by

    Sukriti Jaitly
    This document discusses information security management and metrics. It describes the typical team structure for information and data security, including the board of directors who are responsible for protecting shareholder interests and understanding business risks, a security steering committee that sets strategic direction and reviews program performance, and executive management who must be aware of confidentiality, integrity and availability risks.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 8

    Module-4

    Information Security Management


    and Metrics
    Information Security Management and
    Metrics
    • Information and Data Security Team Structure
    • Security incident response team.
    • Introduction to Security Metrics
    • Types of Security Metrics
    • Using Security Metrics
    • Developing the Metrics Process
    • Metrics and Reporting
    • Designing information security measurement
    systems
    Information and Data Security Team
    Structure
    Information and Data Security Team
    Structure

    1. Board of Directors:
    – Responsible for protecting the interests of the shareholders of
    the corporation. This duty of care (fiduciary responsibility)
    requires that it understand the risk to the business and its data.
    – The Board of Directors is responsible for approving the
    appropriate resources necessary to safeguard data. It also needs
    to be kept aware of how the security program is performing.
    Information and Data Security Team
    Structure

    2. Security Steering Committee


    – The Committee has an important role in security
    governance; this group is responsible for setting the tactical
    and strategic direction for the organization as a whole.
    – The group generally consists of the CEO, CFO, CIO/CISO, and
    the internal auditing function (or oversight if it is
    outsourced to a third party). Other business functions
    might also be present, such as Human Resources and
    business operational leaders, depending on the size and
    Information and Data Security Team
    Structure
    2. Security Steering Committee
    – This team reviews audit results, risk assessment, and
    current program performance data. The committee also
    provides approval for any major policy or security
    strategy changes.
    Information and Data Security Team
    Structure

    3. CEO or Executive Management


    – Senior management must answer to the Board of Directors
    and shareholders of a company.
    – Furthermore, if the company is publicly traded, the CEO
    and CFO must personally attest to the accuracy and
    integrity of the financial reports the company issues.
    – Executive management sets the tone and direction for the
    rest of the company and must be aware of the risks the
    company faces for the confidentiality, integrity, and
    Information and Data Security Team
    Structure

    3. CEO or Executive Management


    – Senior management must answer to the Board of Directors
    and shareholders of a company.
    – Furthermore, if the company is publicly traded, the CEO
    and CFO must personally attest to the accuracy and
    integrity of the financial reports the company issues.
    – Executive management sets the tone and direction for the
    rest of the company and must be aware of the risks the
    company faces for the confidentiality, integrity, and

    You might also like