Security Governance & Compliance
Content Leader: Ismael Valenzuela - Last Updated: December 29, 2006
General information
Security is more than a technology issue. For information security to be properly addressed and implemented, a clear understanding of business processes, business requirements, risks and risk-management alternatives is required. Security Governance and Compliance services therefore place special emphasis on an enterprise-wide approach to managing the process of protecting corporate information and information systems in accordance with standards, laws, regulations and business requirements.
That approach is based on a three-step process:
- A security assessment to identify the current exposure to security risks.
- An in-depth gap analysis to measure the existing security posture against industry standards, best practices and regulatory compliance.
- An implementation plan to effectively mitigate risks and provide a foundation for a corporate-wide security framework.
Resources
- Articles, Papers & Presentations
- Business Continuity Planning
- Standards: ISO 27001:2005, HIPAA, SOX, Basel II
- Best practices: ISO 17799, ISO 18043, ITIL, COBIT
- Benchmarking and Balanced Score Card
- ISMS, ISO 17799 and ISO 27001:2005
- ISMS, ISO 27001:2005 and other ISO publications