| Publisher | International Systems Audit & Control Association & Foundation |
|---|---|
| Format | 244.0KB PDF |
| Date added | 01 Jan 2001 |
| Topics | Security Standards, Security Management |
| Downloads | 168 |

The growth and success of nearly all enterprises rely on harnessing information technology (IT) for secure, profitable use. All enterprises benefit from an integrated and comprehensive approach to risk management, security and control.
As organisations continue to take advantage of the opportunities available
through global networking, and need to comply with existing or new security
laws and regulations, difficult decisions arise about how much money to
invest in IT security and control. Enterprises must consider the best ways to
offer flexibility to customers and trading partners, yet ensure security of critical
information and systems for all their users.
While executive management has the responsibility to consider and
respond to these issues, boards of directors will increasingly be expected
to make information security an intrinsic part of governance, preferably
integrated with the processes they have in place to govern IT.
In this regard, governing boards and executive management should review:
• The scale and cost of the current and future investments in information
• The potential for technologies to dramatically change organisations and
business practices, create new opportunities, and reduce costs
They should also consider the associated ramifications:
• The increasing dependence on information and the systems and
communications that deliver the information
• The dependence on entities beyond the direct control of the enterprise
• The impact on reputation and enterprise value resulting from IT failures
To exercise effective enterprise and IT governance, boards of directors and
executive management must have a clear understanding of what to expect
from their enterprise’s information security programme. They need to know
how to implement an effective information security programme, how to evaluate
their own status with regard to the security programme in place and how
to decide