---

Security Governance & Compliance

Content Leader: Ismael Valenzuela - Last Updated: December 29, 2006

---

General information

Security is more than a technology issue. For information security to be properly addressed and implemented a clear understanding of business processes, business requirements, risks and risk-management alternatives is required. Therefore, Security Governance and Compliance services place special emphasis on providing an enterprise-wide approach for managing the process of protecting corporate information and information systems in accordance with standards, laws, regulations and business requirements.

That approach is based on a three step process:

1. A security assessment to identify the current exposure to security risks.
2. An in-depth gap analysis to measure the existent security posture against industry standards, best practices and regulatory compliance.
3. An implementation plan to effectively mitigate risks and provide a foundation for a corporate-wide security framework.

Resources

• Articles, Papers & Presentations

• Security Strategy

• Implementing Enterprise Security: A Case Study -- Part 1
• Implementing Enterprise Security: A Case Study -- Part 2
• Information Security Governance: Guidance for Boards of Directors and Executive Management
• Focus on Resiliency: A Process Oriented Approach to Security

• Risk Management

• Risk Analysis for HIPPA Compliancy

• Policy Development

• Developing Effective Security Policies
• 6 Myths about Security Policies: Write Policies that Work in the Real World

• Business Continuity Planning

• Coming soon...

• Standards: ISO 27001:2005, HIPAA, SOX, Basel II

• ISO 27001 Introductory Briefing
• What to do after BS 7799 (ISO 27001) certification
• The evolution of BS7799 to ISO27001 and ISMS certifications
• Compliance with Sarbanes-Oxley & COBIT 4.0 Controls Whitepaper

• Best practices: ISO 17799, ISO 18043, ITIL, COBIT

• ISO 17799:2005 cheklist by SANS
• Aligning COBIT, ITIL and ISO 17799 for Business Benefit
• HIPAA to 17799 crosswalk
• Mapping ISO/IEC 17799:2000 With COBIT
• An Introductory Resource Guide for Implementing the HIPAA Security Rule
• Cómo ITIL puede mejorar la seguridad de su información - Infosecurity Iberia 2006 - Spanish
• ISO 18043 - Selection, Deployment and Operations of Intrusion Detection Systems

• Data Protection

• Coming soon...

• Benchmarking and Balanced Score Card

• Coming soon...

• Books

• Security Awareness

• Security Awareness: Best Practices to Secure Your Enterprise - eBook

• ISMS, ISO 17799 and ISO 27001:2005

• Are You Ready for an ISMS audit based on BS ISO/IEC 27001?
• IT Governance, a managers’ guide to data security and BS 7799 / ISO 17799
• Information security based on ISO 27001 / ISO 17799 - a Management Guide
• Implementing Information Security based on ISO 27001 / ISO 17799 - a Management Guide

• Internet Links

• ISMS, ISO 27001:2005 and other ISO publications

• The ISMS International User Group
• Information on ISO 17799 and ISO 27001 from Angelica Plate, one of those involved in developing the standards
• You can purchase ISO Standards and publications directly from ISO Store

• Compliance

• IT Compliance Institute
• OMG Regulatory Compliance Alliance
• Privacy International
• OCEG - Governance, Risk Management and Compliance

• Mailing Lists

• ISO 27001 implementers’ discussion forum
• BS 7799/ISO 17799 Security Focus mailing list

• Online Magazines

• Security Managament Magazine
• CSO Magazine