IT Governance, Risk, and Compliance:

ISM


September 14, 2009  6:19 PM

Supporting ISG Deployment – Part IV



Posted by: Robert Davis
Benchmarking, Budgeting, Framework, Gap Analysis, Governance Tree, Information Security Governance, Information Security Management, Information Security Processes, Internal Control System, ISG, ISM, ITG, Maturity Modeling, Methodology, Objectives

If, however, you assume ISG provides financial and/or reputational benefits, potential stakeholders are presumed to rely upon governance elements prior to investing their time, talent, and/or money. Therefore, ascertaining the effectiveness and efficiency of entity-centric information security...

September 10, 2009  9:01 PM

Supporting ISG Deployment – Part III



Posted by: Robert Davis
Framework, Governance Tree, Information Security Governance, Information Security Management, Information Security Processes, Internal Control System, ISG, ISM, ITG, Methodology

Alternatively, if you perceive ISG as a descriptive prescription for achieving managerial objectives, the adopted ISG methodology should provide security assessments defining strategic, tactical, and operational risks. Management usually is...


September 8, 2009  6:56 PM

Supporting ISG Deployment – Part II



Posted by: Robert Davis
Framework, Governance Tree, Information Security Governance, Information Security Management, Information Security Processes, ISG, ISM, ITG, Methodology

If you envision ISG as a framework servicing entity and 'IT governance', then structurally, ISG should be implemented as an organizational program with objectives,...


September 3, 2009  8:04 PM

Supporting ISG Deployment – Part I



Posted by: Robert Davis
Framework, Governance Tree, Information Security Governance, Information Security Management, Information Security Processes, ISG, ISM, ITG, Methodology

Traversing to and aligning with potential 'Governance Tree' third-tier abstraction levels, information security governance (ISG) can be viewed as a framework, methodology, or technique. Framing ISG enables a...


August 17, 2009  8:26 PM

Preserving Electronically Encoded Evidence – Part IV



Posted by: Robert Davis
Boot, Configuration, Data Acquisition, Electronic Discovery, Event Management, Forensic Imaging Software, Illegal Acts, Incident Handling, Incident Response, Information Security Management, Irregularities, ISM, Law Enforcement

Whether target data is in transit or at rest, it is critical that measures are in place to prevent the sought information from being destroyed, corrupted or becoming unavailable for forensic investigation. When evidence is at rest, adequate procedures should be followed to ensure evidential


August 13, 2009  9:04 PM

Preserving Electronically Encoded Evidence – Part III



Posted by: Robert Davis
Boot, Configuration, Data Acquisition, Electronic Discovery, Event Management, Forensic Imaging Software, Illegal Acts, Incident Handling, Incident Response, Information Security Management, Irregularities, ISM, Law Enforcement

Creating evidential copies through routine backup procedures only replicates specific files; neither the files with delete indicators nor the designated 'free space' between files is recovered. To remediate this limitation, a


August 10, 2009  7:59 PM

Preserving Electronically Encoded Evidence – Part II



Posted by: Robert Davis
Boot, Configuration, Data Acquisition, Electronic Discovery, Illegal Acts, Incident Handling, Incident Response, Information Security Management, Irregularities, ISM, Law Enforcement

Conditionally, if the target system is turned off, simply turning the technology on and permitting a 'boot' can introduce content changes to files directly or indirectly connected through


August 6, 2009  8:39 PM

Preserving Electronically Encoded Evidence – Part I



Posted by: Robert Davis
Electronic Discovery, Illegal Acts, Incident Handling, Incident Response, Information Security Management, Irregularities, ISM

Seeking to preserve electronically encoded evidence implies an incident or event has occurred that will require facts extrapolation for presentation as...


May 12, 2009  3:25 PM

Developing Objectives – Part IV



Posted by: Robert Davis
Accountability, Behavioral Management, Benchmarking, Goals, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Management by Objectives, MBO, Planning Committee, Resource Allocation, Responsibility

MBO is a participative behavioral approach to managing employees. One of the primary MBO assumptions is that employees prefer to work hard once they are provided with employer expectations. Intuitively, sustaining accepted expectations...


May 7, 2009  11:14 PM

Developing Objectives – Part III



Posted by: Robert Davis
Accountability, Behavioral Management, Benchmarking, Goals, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Management by Objectives, MBO, Planning Committee, Resource Allocation, Responsibility

A system for disseminating information security management objectives is considered fundamental to obtaining employee commitment. One way to communicate entity-centric information security objectives is through clear and concise policies. Information security...
