information security management

ISO/IEC 27000 – Information Security Management Toolkit

About ISO/IEC 27000: ISO/IEC 27000:2009 provides an overview of information security management systems, which form the subject of the information security management system (ISMS) family of standards, and defines related terms. As a result of implementing ISO/IEC 27000:2009, all types of organization (e.g. commercial enterprises, [...]

Information security is more important than ever before. Globalization of the economy leads to a growing exchange of information between organizations (their employees, customers and suppliers) and a growing use of networks, such as the internal company network, connection with the networks of other companies and the Internet. Furthermore, activities of many [...]

The execution of Access Management activities is normally triggered by:
* Service Requests, taken by the Service Desk or submitted using automated and self-help mechanisms
* Requests from Human Resources personnel
* Direct requests from department managers
* Requests for Change (RFCs) involving modification of access rights
* Requests for enabling restricted access to [...]

Access Management’s primary objective is to provide the capability to grant authorized users the right to use a service while preventing access by non-authorized users. In doing so, it helps to protect the confidentiality, integrity and availability (CIA) of the organization’s services, assets, facilities and information. In practice, Access Management is the operational enforcement [...]

Service Level Management Considerations
* SLR – detailed requirements that constitute the design criteria to be met, e.g. secure, clear uninterrupted voice, real time video, accessible for novice users etc.
* SLA structure – decision made to develop multi-level structure (based on decision of service level package used, as well as offering greater security and [...]

Information Security Manager
Responsibilities:
* Manage the entire security process
* Consult with senior management to agree on the Information Security Policy and gain support.
Skills: Strategic, public relations, tactical.

Security Officers
Responsibilities:
* Day to day operational duties to protect security levels
* Advise staff on security policy & measures.
Skills: Analytical, eye for [...]

The set of security controls should be designed to support and enforce the Information Security Policy and to minimize all recognized and potential threats. The controls will be considerably more cost effective if included within the design of all services. This ensures continued protection of all existing services and that new services are accessed in [...]

The activities of Information Security Management are involved in multiple phases of the Service Lifecycle, including the:
* Development and maintenance of the Information Security Policy
* Communication, implementation and enforcement of the security policies
* Assessment and classification of all information assets and documentation
* Implementation and continual review of appropriate security controls
* [...]

The ISMS contains the standards, management procedures and guidelines that support the Information Security Management policies. Using this in conjunction with an overall framework for managing security will help to ensure that the Four Ps of People, Process, Products, and Partners are considered as to the requirements for security and control. As a guide, standards [...]

A consistent set of policies and supporting documents should be developed to define the organization’s approach to security, which is supported by all levels of management in the organization. These policies should be made available to customers and users, and their compliance should be referred to in all SLRs, SLAs, contracts and agreements. The policies [...]

To align IT security with business security and ensure that information security is effectively managed in all service and IT Service Management activities. Security objectives are met when:
* Information is available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures (availability)
* Information [...]

The processes included with the Service Design lifecycle phase are:
* Service Level Management
* Capacity Management
* Availability Management
* IT Service Continuity Management
* Information Security Management
* Supplier Management
* Service Catalog Management

It is important to note that many of the activities from these processes will occur in other lifecycle phases, especially Service Operation. Additionally, Service Level Management [...]

Ignoring public frameworks and standards can needlessly place an organization at a disadvantage. Organizations should seek to cultivate their own proprietary knowledge on top of a body of knowledge developed from using public frameworks and standards. Public frameworks (ITIL®, COBIT, CMMI etc.): Frameworks are scaled and adapted by the organization when implemented, rather than following [...]

The security management procedure of ITIL or Information Technology Infrastructure Library uses the information security management based from the…
