classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 
This Week's Editor's Pick
News
Conferences & Events
Training & Education
Associations
Access Control & Identity Management
Asset Management, EAS, RFID
CCTV, Surveillance & Remote Monitoring
Cyber Security
Fire & Safety
Integrated Solutions
IT infrastructure
Perimeter Security, Alarms & Intruder Detection
Security Services & Risk Management
Products
Handbooks
Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017



Senior executives information security survival kit
March 2006, Cyber Security

Specific information security risks for senior executives

The following examples show how senior executives can be exposed to information security risks:

* Lack of appreciation of what risks are most significant.

* Failure to mandate the right security culture and control framework and set the right security example.

* Failure to embed responsibilities for risk management into the management team.

* Failure to detect where the most critical security weaknesses exist within the organisation.

* Failure to monitor risk management investments and/or be able to measure benefits realised.

* Failure to direct risk management and be in a position to know what residual risk remains.

Questions to ask

* How is the board kept informed of information security issues? When was the last briefing made to the board on security risks and status of security improvements?

* Is the enterprise clear on its position relative to IT and security risks? Does it tend toward risk avoidance or risk taking?

* How much is being spent on information security? On what? How were the expenditures justified? What projects were undertaken to improve security last year? Have sufficient resources been allocated?

* How many staff had security training last year? How many of the management team received security training?

* How does the organisation detect security incidents? How are they escalated and what does management do about them? Is management prepared to recover from a major security incident?

* Is management confident that security is adequately addressed in the organisation? Has the organisation ever had its network security checked by a third party?

* Is management aware of the latest IT security issues and best practices?

* What is industry best practice and how does the enterprise compare?

* Are IT security issues considered when developing business and IT strategy?

* Can the entity continue to operate properly if critical information is unavailable, corrupted or lost? What would be the consequences of a security incident in terms of lost revenues, customers and investor confidence? What would be the consequences if the infrastructure became inoperable?

* Are the information assets subject to laws and regulations? What has management instituted to assure compliance with them?

* Does the information security policy address the concern of the board and management on information security ('tone at the top'), cover identified risks, establish an appropriate infrastructure to manage and control the risks, and establish appropriate monitoring and feedback procedures?

* Is there a security programme in place that covers all of the above questions? Is there clear accountability about who carries it out?

* Is management aware that serious security breaches could result in significant legal consequences for which management may be held responsible?

Action list

* Establish a security organisation and function that assists management in the development of policies and assists the enterprise in carrying them out.

* Establish responsibility, accountability and authority for all security-related functions to appropriate individuals in the organisation.

* Establish clear, pragmatic enterprise and technology continuity programmes, which are then continually tested and kept up to date.

* Conduct information security audits based on a clear process and accountabilities, with management tracking the closure of recommendations.

* Include security in job performance appraisals and apply appropriate rewards and disciplinary measures.

* Develop and introduce clear and regular reporting on the organisation's information security status to the board of directors based on the established policies and guidelines and applicable standards. Report on compliance with these policies, important weaknesses and remedial actions, and important security projects.

This material is extracted from COBIT Security Baseline. Copyright (c) 2004 IT Governance Institute (ITGI). For additional information on COBIT and ITGI, visit www.itgi.org
Share: Share via email   Share via Twitter   Share via LinkedIn   Print  print  

Further reading:

  • DDoS detection and mitigation platform
    September 2017, Networks Unlimited, Cyber Security, Products
    Arbor Networks further automates DDoS attack mitigation for MSSPs and enterprise customers.
  • Back to the future
    September 2017, Adamastor Consulting, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Residential Estate (Industry)
    The future is not what it used to be. Rob Anderson looks at estate security in 2027.
  • Are IP cameras vulnerable to ­cyber attacks?
    September 2017, Graphic Image Technologies, Cyber Security, CCTV, Surveillance & Remote Monitoring
    The Internet of Things (IoT) is currently on the rise and with the expansion of digitisation, the separation between physical security and network security is no longer clear.
  • Managing technology risks for effective estate security
    September 2017, Technews Publishing, Residential Estate (Industry), Cyber Security, Integrated Solutions, Conferences & Events
    Hi-Tech Security Solutions and Rob Anderson hosted the Residential Estate Security Conference 2017 in Johannesburg earlier this year.
  • Deepening the value of surveillance
    September 2017, Hikvision South Africa, Residential Estate (Industry), CCTV, Surveillance & Remote Monitoring, Cyber Security
    Deep Learning has swept through the IT industry, bringing benefits and better classifications to a number of applications. Now it’s changing security as well.
  • Don’t be a sitting duck against IoT threats
    September 2017, Cyber Security
    As the Internet of Things (IoT) continues to gain traction, organisations will have to reassess their security practices to accommodate the increase in security alerts.
  • Breaking the chain
    September 2017, This Week's Editor's Pick, Cyber Security
    How attackers hide a backdoor in software used by hundreds of large companies around the world.
  • Prevention is better, and cheaper
    August 2017, J2 Software, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Healthcare (Industry)
    Securing healthcare data across the ecosystem will not only prevent fraud, it will also improve service delivery in the public and private sectors.
  • Only the paranoid survive
    August 2017, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure
    Whether you’re a government, a hospital, a global corporation, a small business or an individual, you should be paranoid because they are out to get you.
  • Will artificial intelligence replace our jobs?
    August 2017, Integrated Solutions, Cyber Security, Security Services & Risk Management
    Many welcome the possibilities brought about by rapid advances in artificial intelligence, but there is also growing uncertainty about the long-term impact on jobs.
  • Cyber attacks to the left, ransomware to the right
    August 2017, This Week's Editor's Pick, Cyber Security, News
    We all need to be agile and responsive to the new unknowns; here are some tips for preventing future nasties like WannaCry and Petya.
  • Growing concern over global cybersecurity
    August 2017, News, Cyber Security
    The average cost of a security breach in the UK is R40,5 million, while DDoS attacks costs an average of R500 000 an hour to defend.
 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa		 Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)		 Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.