Information Security Governance: Guidance for Board of Directors and Executive Management

Publisher: International Systems Audit & Control Association & Foundation
Format: 244.0KB PDF
Date added: 01 Jan 2001
Topics: Security Standards, Security Management
Downloads: 168

The growth and success of nearly all enterprises rely on harnessing information technology (IT) for secure, profitable use. All enterprises benefit from an integrated and comprehensive approach to risk management, security and control.

As organisations continue to take advantage of the opportunities available through global networking, and need to comply with existing or new security laws and regulations, difficult decisions arise about how much money to invest in IT security and control. Enterprises must consider the best ways to offer flexibility to customers and trading partners, yet ensure security of critical information and systems for all their users.

While executive management has the responsibility to consider and respond to these issues, boards of directors will increasingly be expected to make information security an intrinsic part of governance, preferably integrated with the processes they have in place to govern IT.

In this regard, governing boards and executive management should review:
• The scale and cost of the current and future investments in information
• The potential for technologies to dramatically change organisations and business practices, create new opportunities, and reduce costs

They should also consider the associated ramifications:
• The increasing dependence on information and the systems and communications that deliver the information
• The dependence on entities beyond the direct control of the enterprise
• The impact on reputation and enterprise value resulting from IT failures

To exercise effective enterprise and IT governance, boards of directors and executive management must have a clear understanding of what to expect from their enterprise’s information security programme. They need to know how to implement an effective information security programme, how to evaluate their own status with regard to the security programme in place and how to decide


