Strategy and Governance

Information Security Strategy

Simply put, an information security strategy is the plan for securing and protecting the information and data that the organization's business processes use and generate. The scope of that strategy depends on which business processes, information and data the business itself defines as important. Our team will work with your organization to ensure the information security strategy satisfies the organization's regulatory compliance requirements and reflects the business's stance on security.

Information Security Governance

Information security governance is the process of establishing and maintaining a framework that provides assurance that information security plans are aligned with, and support, business objectives. Our team will work with your organization to establish a governance structure and framework that supports the business objectives, adheres to applicable laws and regulations through policies and internal controls, and clearly assigns responsibility, all in an effort to manage risk.

The key security governance areas are:

  1. Govern the operations of the organization and protect its critical assets
  2. Govern the conduct of employees (educational and other policies that may apply to use of technology resources, data handling, etc.)
  3. Protect the reputation of the organization
  4. Ensure security and privacy compliance requirements are met to safeguard a national and international customer base

Characteristics of effective security governance:

  1. It is an institution-wide issue
  2. Leaders are accountable
  3. It is viewed as an institutional requirement (cost of doing business)
  4. It is risk-based
  5. Roles, responsibilities and segregation of duties are defined
  6. It is addressed and enforced in policy
  7. Adequate resources are committed
  8. Staff are aware and trained
  9. Information Security is addressed in the technology and application development life cycle
  10. It is planned, managed, measurable and measured
  11. It is reviewed and audited