classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory


Senior executives information security survival kit
March 2006, Cyber Security

Specific information security risks for senior executives

The following examples show how senior executives can be exposed to information security risks:

* Lack of appreciation of what risks are most significant.

* Failure to mandate the right security culture and control framework and set the right security example.

* Failure to embed responsibilities for risk management into the management team.

* Failure to detect where the most critical security weaknesses exist within the organisation.

* Failure to monitor risk management investments and/or be able to measure benefits realised.

* Failure to direct risk management and be in a position to know what residual risk remains.

Questions to ask

* How is the board kept informed of information security issues? When was the last briefing made to the board on security risks and status of security improvements?

* Is the enterprise clear on its position relative to IT and security risks? Does it tend toward risk avoidance or risk taking?

* How much is being spent on information security? On what? How were the expenditures justified? What projects were undertaken to improve security last year? Have sufficient resources been allocated?

* How many staff had security training last year? How many of the management team received security training?

* How does the organisation detect security incidents? How are they escalated and what does management do about them? Is management prepared to recover from a major security incident?

* Is management confident that security is adequately addressed in the organisation? Has the organisation ever had its network security checked by a third party?

* Is management aware of the latest IT security issues and best practices?

* What is industry best practice and how does the enterprise compare?

* Are IT security issues considered when developing business and IT strategy?

* Can the entity continue to operate properly if critical information is unavailable, corrupted or lost? What would be the consequences of a security incident in terms of lost revenues, customers and investor confidence? What would be the consequences if the infrastructure became inoperable?

* Are the information assets subject to laws and regulations? What has management instituted to assure compliance with them?

* Does the information security policy address the concern of the board and management on information security ('tone at the top'), cover identified risks, establish an appropriate infrastructure to manage and control the risks, and establish appropriate monitoring and feedback procedures?

* Is there a security programme in place that covers all of the above questions? Is there clear accountability about who carries it out?

* Is management aware that serious security breaches could result in significant legal consequences for which management may be held responsible?

Action list

* Establish a security organisation and function that assists management in the development of policies and assists the enterprise in carrying them out.

* Establish responsibility, accountability and authority for all security-related functions to appropriate individuals in the organisation.

* Establish clear, pragmatic enterprise and technology continuity programmes, which are then continually tested and kept up to date.

* Conduct information security audits based on a clear process and accountabilities, with management tracking the closure of recommendations.

* Include security in job performance appraisals and apply appropriate rewards and disciplinary measures.

* Develop and introduce clear and regular reporting on the organisation's information security status to the board of directors based on the established policies and guidelines and applicable standards. Report on compliance with these policies, important weaknesses and remedial actions, and important security projects.

This material is extracted from COBIT Security Baseline. Copyright (c) 2004 IT Governance Institute (ITGI). For additional information on COBIT and ITGI, visit www.itgi.org


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Accessing cyber security
    November 2016, Tyco Security Products, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security, Security Services & Risk Management
    Tyco Security Products is taking a proactive role in securing its range of physical security products by developing its Cyber Protection Programme.
  • Control your own privacy
    November 2016, Technews Publishing, Cyber Security
    Whether you know it or not, or whether you care or not, everything you do online is being tracked. TrackOFF protects you digital identity from fingerprinting and other nefarious online spies.
  • The app effect on security
    November 2016, Cyber Security
    While security teams focus on patching operating systems and web browsers, vulnerabilities in those two types of software typically account for a small amount of publicly disclosed vulnerabilities.
  • Datacentrix revamps Security Operations Centre
    November 2016, News, Cyber Security, Security Services & Risk Management
    Datacentrix, a provider of high performing and secure ICT solutions, has officially launched its overhauled Security Operations Centre (SOC), unveiling a highly intelligent service that provides actionable information to help organisations respond to attacks faster and more efficiently.
  • IT security drives business growth
    November 2016, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security
    South African businesses highlight a 30% percent increase in revenue from new business, while almost three-quarters agree identity-centric security is critical to the business.
  • King IV looks at your data
    November 2016, J2 Software, Cyber Security, Security Services & Risk Management
    The launch of the King IV Report on Corporate Governance by the Institute of Directors in Southern Africa on 1 November provides a wake-up call for South African organisations.
  • Multi-modal security best for registered financial service providers
    October 2016, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management, Cyber Security, Integrated Solutions, Financial (Industry)
    The financial sector faces a number of security challenges that range from outright banking hall robberies, through theft of money at ATMs, internal and external fraud, as well as phishing and similar cyber threats.
  • After the data breach
    October 2016, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management, Financial (Industry)
    Lifars and Fortress Strategic Communications outline steps companies need to take after they contain the data breach and initiate the process of normalising business operations.
  • Biometric skimmers are here
    October 2016, News, Cyber Security
    According to a Kaspersky Lab investigation into underground cybercrime, there are already at least twelve sellers offering skimmers capable of stealing victims’ fingerprints.
  • Great cyber security needs great people
    October 2016, This Week's Editor's Pick, Cyber Security, IT infrastructure, Training, Conferences & Events
    Solutions are not reaching their full potential thanks to a dire shortage of cyber security professionals to harness them.
  • Tyco strengthens reader-to-panel communications
    October 2016, Tyco Security Products, Access Control & Identity Management, Cyber Security
    C•CURE 9000 v2.50 event management platform now supports Open Supervised Device Protocol (OSDP), developed by the Security Industry Association (SIA) to allow for enhanced interoperability among security devices.
  • New Milestone VMS
    October 2016, Milestone Systems, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions, Products
    Milestone XProtect 2016 R3 Advanced VMS announced with focus on total cost of ownership, performance and cyber security – making video solutions more cost-effective through innovative new features.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.