May 7, 2009 11:14 PM
Posted by: Robert Davis
Accountability,
Behavioral Management,
Benchmarking,
Goals,
IAP,
Information Asset Protection,
Information Security Governance,
Information Security Management,
ISG,
ISM,
Management by Objectives,
MBO,
Planning Committee,
Resource Allocation,
Responsibility
A system for disseminating information security management objectives is considered fundamental to obtain employee commitment. One way to communicate entity-centric information security objectives is clear and concise policies. Information security...
May 4, 2009 6:32 PM
Posted by: Robert Davis
Accountability,
Behavioral Management,
Benchmarking,
Goals,
IAP,
Information Asset Protection,
Information Security Governance,
Information Security Management,
ISG,
ISM,
Management by Objectives,
MBO,
Planning Committee,
Resource Allocation,
Responsibility
Within behavioral management theory, entity leaders have alternative approaches available to accomplish information assets safeguarding objectives development -- including participative, consultative, free rein, and autocratic models....
April 14, 2009 1:08 AM
Posted by: Robert Davis
CE,
Control Environment,
Information Security Governance,
Information Security Management,
ISSM,
IT Security Program,
ITSM,
Key Performance Indicators,
KPI,
Safeguarding Investments,
Service Delivery and Support,
Service Level Agreement,
Service Management,
SLA
Selective measurement utility is realized when a critical few indicators permit accurate and timely information for decision-making and, by extension, appropriate information assets protection....
April 9, 2009 7:10 PM
Posted by: Robert Davis
CE,
Control Environment,
Information Security Governance,
Information Security Management,
ISSM,
IT Security Program,
ITSM,
Key Performance Indicators,
KPI,
Safeguarding Investments,
Service Delivery and Support,
Service Level Agreement,
Service Management,
SLA
IT security maturity modeling can measure the established control environment and controls within processes. Typically, the defined maturity modeling scale addresses entity-centric processes from an ad hoc...
April 6, 2009 8:15 PM
Posted by: Robert Davis
Information Security Governance,
Information Security Management,
ISSM,
IT Security Program,
ITSM,
Key Performance Indicators,
KPI,
Safeguarding Investments,
Service Delivery and Support,
Service Level Agreement,
Service Management,
SLA
Financially-related information is generated to establish cost-oriented steering towards achieving entity-centric objectives and goals. Generally, aggressive expenses administration and accurate costs redistribution improve financial resources availability. However, the IT security financial...
April 3, 2009 7:22 PM
Posted by: Robert Davis
Information Security Governance,
Information Security Management,
ISSM,
IT Security Program,
ITSM,
Key Performance Indicators,
KPI,
Safeguarding Investments,
Service Delivery and Support,
Service Level Agreement,
Service Management,
SLA
Though IT security service management can include a plethora of indicators, adequate service value measurement is not demonstrated in the sheer number of indicators considered. Practical IT security service delivery and support utilization...
March 31, 2009 9:36 PM
Posted by: Robert Davis
Assurance Services,
Control Self-assessment,
CSA,
IAP,
ICR,
Illegal Acts,
Information Asset Protection,
Information Security Management,
Internal Control Review,
Irregularities
Arguably, data security is the most significant domain supporting information reliability. Entity oversight committees should monitor control activities for on-going relevance and effectiveness as well as responses to information security...
March 28, 2009 8:20 PM
Posted by: Robert Davis
Assurance Services,
Control Self-assessment,
CSA,
IAP,
ICR,
Illegal Acts,
Information Asset Protection,
Information Security Management,
Internal Control Review,
Irregularities
Information security managers should prepare for audits utilizing control self-assessments to verify compliance with laws, regulations, policies and procedures. It is always a sound idea to strategically plan annual control self-assessments....
March 24, 2009 7:11 PM
Posted by: Robert Davis
Assurance Services,
Control Self-assessment,
CSA,
IAP,
ICR,
Illegal Acts,
Information Asset Protection,
Information Security Management,
Internal Control Review,
Irregularities
Management needs to understand the status of the entity's IT systems to decide what safeguarding mechanisms should be deployed to meet business requirements. When IAP monitoring is built into the entity's operating activities, and process performance is reviewed on a real-time basis; control...