INFORMATION SECURITY LAW - PowerPoint PPT Presentation
Provided by: michaelg2
1. INFORMATION SECURITY LAW
2. Elements - law/regulation on info security
  • Management involvement
  • Strategic policies and procedures
  • Risk-based, process approach
  • Documented
  • Appropriate to size and complexity of
    organization
  • Administrative, technical and physical controls
    to mitigate risk
  • Monitoring, updating, independent auditing

3. Essential administrative, technical and physical controls to mitigate risk
  • Access Controls (administrative and technical)
  • Information processing, storage, transmission and
    disposal procedures
  • Physical Environmental Security Controls
  • Third Party Oversight Measures
  • Incident Response Plan

4. Emerging Standard
  • Asset Assessment
  • Risk Assessment
  • Develop Security Program to Manage and Control
    Risk
  • Responsibility for Security Program

5. Emerging Standard
  • Awareness, Training and Education
  • Monitoring and Testing
  • Review and Adjustment
  • Oversee Third Party Service Provider Arrangements

6. Industry Standard - Business Software Alliance
  • Need for an effective security organizational
    structure
  • Need for risk assessment: management must understand
    risks to info assets, and security measures must
    be commensurate with the risks

7. Industry Standard - Business Software Alliance
  • Need to create, implement and continuously
    monitor security measures, and communicate and
    enforce security policies
  • Need for organizational commitment, awareness and
    training of personnel

8. Present Environment of Info Security Programs
  • Ernst & Young Global Info Survey 2003
  • Over 1400 organizations in 66 countries were
    surveyed on information security
  • Most respondents were chief information officers
    (CIOs) or chief information security officers

9. Global Info Survey 2003
  • Information security is considered a high
    priority in achieving overall business objectives
    (90%)
  • But only half indicate that info security
    spending is aligned well with key business
    objectives

10. Global Info Survey 2003
  • Board involvement in info security: over 50%
    indicate that they report on info security to the
    board on an annual basis or less often
  • Meetings between CIOs and business unit leaders
    are also infrequent - over 55% do not meet on a
    regular basis

11. Global Info Survey 2003
  • Few organizations take a strategic approach to
    information security; most take a
    technology-based, reactive approach
  • Info security plans are not reviewed and updated
    on an ongoing basis

12. Global Info Survey 2003
  • Major obstacle to effective info security was
    inadequate funding; more sophisticated threats
    had been cited in prior years
  • Return on investment measures were not generally
    used to make decisions on info security measures

13. Global Info Survey 2003
  • Major driver for info security spending is risk
    reduction
  • Regulatory compliance and legal/contract
    requirements ranked high
  • Maintaining business reputation and trust was
    another important factor

14. Global Info Survey 2003
  • Spending is primarily directed to technology
  • Employee training and awareness captured a
    relatively small share of info security spending

15. Global Info Survey 2003
  • Viruses and worms continue to be the major
    concern of info security managers
  • Increasingly, internal threats from employees and
    others are being recognized as significant