 Security management involves the identification of an organization's information assets and the development, documentation and implementation of its policies, standards, procedures and guidelines.
It includes managing risks and practicing an appropriate standard of care as defined by the security policy, legal and regulatory policies. The organisation's management is responsible for the security of all personnel, information and supporting systems, and for addressing the risks imposed by connections to other systems
Management principles such as data classification, risk assessment and risk analysis are used to identify threats, classify assets and to rate system vulnerabilities so that effective controls can be implemented and risks mitigated.
The organisation's management should ensure that information security risks are clearly identified and efficiently managed as they are ultimately responsible for identifying the resources to be protected and the measures to be used.
Information security staff are responsible for articulating policy, providing expert guidance and direction, measuring compliance, noting variances, and recommending corrective action.
Effective security awareness programs should be in place to adequately communicate management expectation to employees. These programs should emphasise employee's significance to the organisation policies and standards, guidelines management's rationale behind adopting it. It should also make clear the value established by compliance and the consequences of non compliance.
Our Security management services include:
- Reviewing information security strategies
- Assisting in defining the information security management hierarchy
- Information security project management
- Information security staff skill requirements
- Information security awareness dissemination
- Information asset and system classification
|
