You are here: silicon.com > Resources > White Papers > Security > Security Administration > Security Standards

Security Standards White Papers

Information Security Governance: Guidance for Board of Directors and Executive Management

Overview The growth and success of nearly all enterprises rely on harnessing information technology (IT) for secure, profitable use. All enterprises benefit from an integrated and comprehensive approach to risk management, security and control.

As organisations continue to take advantage of the opportunities available through global networking, and need to comply with existing or new security laws and regulations, difficult decisions arise about how much money to invest in IT security and control. Enterprises must consider the best ways to offer flexibility to customers and trading partners, yet ensure security of critical information and systems for all its users.

While executive management has the responsibility to consider and respond to these issues, boards of directors will increasingly be expected to make information security an intrinsic part of governance, preferably integrated with the processes they have in place to govern IT.

In this regard, governing boards and executive management should review:
Â• The scale and cost of the current and future investments in information
Â• The potential for technologies to dramatically change organisations and business practices, create new opportunities, and reduce costs

They should also consider the associated ramifications:
Â• The increasing dependence on information and the systems and communications that deliver the information
Â• The dependence on entities beyond the direct control of the enterprise
Â• The impact on reputation and enterprise value resulting from IT failures

To exercise effective enterprise and IT governance, boards of directors and executive management must have a clear understanding of what to expect from their enterpriseÂ’s information security programme. They need to know how to implement an effective information security programme, how to evaluate their own status with regard to the security programme in place and how to decide what securit

Further White Paper Details
Publisher	International Systems Audit & Control Association & Foundation	File Format	PDF
Date Published	January 2001	Downloads	1
Format	White Papers
Topics	Security Standards, Security Management

Did you find this white paper useful? 3 out of 4 users found this white paper useful

NAC 2.0: A new model for a more secure future

Publisher:
Sophos

Reducing Total Cost of Security Ownership

Publisher:
SonicWALL

Take a holistic approach to business-driven security

Publisher:
IBM

Symantec Control Compliance Suite (CCS) 9.0 Sneak Peek

Publisher:
Symantec

Extending PCI Compliance to the Mobile Workforce

Publisher:
Fiberlink Communications

Kumar leaves CA altogether

Like Tyco, Enron and other companies that have captured headlines for financial irregularities, Computer Associates has hired outside directors to augment oversight of corporate governance. Computer Associates said it continues to comply with...

CIO Jury: Tech or exec - which makes the best CIO?

If CIO's or IT Directors aspire to executive board positions, they must be business leaders first, and functional heads second," he said. He said many IT failures are down to accountants posing as IT specialists "in order to supplement their CVs".

Channel:
CIO Jury

IT consulting: Compliance both complex and costly

More than ever, companies needing to comply with industry regulations have to ensure the consultants they hire are also compliant. The data controller is obliged to ensure that some sort of contract is in place obliging the data processor to comply...

Quocirca's Straight Talking: Coping with email overload

One area where many vendors have convinced themselves they will find traction is in helping their customers to comply with the recent raft of regulations introduced by governments at the industry, national and regional levels.

Time running out for Sarbanes-Oxley compliance

The law requires affected businesses to comply by the end of their respective financial year after 15 July, 2006. A lot of time is spent defining the policies and processes, before going into the use of technology and getting people to understand...

What price compliance?

Before any technology investments are made, companies need to perform an assessment of which regulations affect their business, as well as taking into account future regulations that are on the horizon, and what the provisions of those regulations...

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

Security Standards White Papers

Information Security Governance: Guidance for Board of Directors and Executive Management

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific