8/9/2019 Nine Steps to a Successful Information Security Strategy
http://slidepdf.com/reader/full/nine-steps-to-a-successful-information-security-strategy 1/2
Salman Akorede www.infosecurityauditcoaching.com/sq 1
NINE STEPS TO A SUCCESSFUL INFORMATION SECURITY STRATEGY
Security strategy refers to the overall plan to effectively identify and manage risks.
Why a Security Strategy?
A security strategy provides management with a roadmap for the effective management of its risks. It is a systematic approach to proactively anticipating a risk occurrence and implementing appropriate countermeasures to effectively mitigate the risk.
What is Risk?
Risk is the probability of occurrence of an uncertain event that could have a negative impact on the business.
An information security strategy requires:
a. A definition of the organization's information security goals to successfully support its specific business operations, financial, strategic and compliance objectives.
b. An evaluation of the organization's business environment to identify internal and external risk factors that may negatively impact its business success.
c. A compilation of the organization's entire risk universe and an analysis to identify those with the highest impact, or rather to identify the areas of highest risk exposure.
d. A consideration of alternative best-practice risk management approaches for the high-risk areas.
e. An evaluation of existing practices to determine the control activities gap.
f. An implementation of benchmark controls to effectively remediate or mitigate risks.
g. Periodic reviews to ensure the continuous effectiveness of controls.
h. Timely remediation and re-evaluation of identified control weaknesses.
i. Setting metrics for evaluating the continuous effectiveness of control actions.
In order to ensure appropriate coverage of the above requirements, an information security strategy must integrate all existing business practices (operational, financial, personnel, technological, strategic and statutory requirements) so that processes and results are effectively optimized towards the success of the organization's overall business objectives.
Following is a suggested roadmap, summarized into nine phases, as a guide to the successful development of an information security strategy.
The Nine Steps Roadmap
1. Plan and Scope
2. Perform Risk Assessment
3. Identify Significant Accounts and Controls
4. Document Controls Design
5. Evaluate Controls Design
6. Evaluate Operational Effectiveness
7. Identify and Remediate Deficiencies
8. Document Processes and Results
9. Build Sustainability
To ensure the success of an information security strategy, an organization must effectively identify, characterize, establish ownership of, analyze and continuously manage its risks to meet its specific needs on an ongoing basis.
Salman Akorede is an information risk management consultant. www.infosecurityauditcoaching.com/sq