Terminology
- Confidentiality: Information accessible only to those authorised
- Integrity: Safeguarding accuracy/completeness of information & processing methods
- Availability: Ensuring authorised users can access information and associated assets when required
- Privacy: Confidentiality and integrity of information relating to individuals
- Verifiability: Ability to verify that information is used correctly and that security measures are effective

Objectives
- Compliance with privacy legislation/insurance policies/SLAs
- To create a secure environment regardless of external requirements

Benefits
- Higher availability of Information
- Increased quality information going outside the business

Is security aspect of services covered in the SLAs? Do SLAs, OLAs & UCs have necessary security aspects covered?
Notification of security breaches/concerns Security Policy and guidance Reports of security breach incidents Security Policy and guidance Notification of resolution of security problems and known errors Security Policy and guidance RFCs for security evaluation RFCs Release notification Security Policy and guidance classification of CIs by availability, integrity and confidentiality Security Policy and guidance SLAs, OLAs, UCs & Service Catalogue Security Policy considerations for service specifications Capacity reporting and planning Security Policy and guidance Availability reporting and planning Security Policy and guidance ITSCM Planning awareness & training Security Policy Actual costs of security measures Estimated costs of security measures
In Out In Out In Out In Out In Out In Out In Out In Out In Out In Out In Out Financial Management IT Service Continuity Management Availability Management Capacity Management Service Level Management Configuration Management Release Management Change Management Problem Management Incident Management Service Desk
KPIs
Is there improvement in Security levels? Are actual Security Levels measured? Is perception of IT organisation improving?
Roles
Security Manager; Input to SLAs; Plan; Input to OLAs; Input to UCs; Policy Statements; Training & awareness; Classification & Registration; Implement; Personnel Security; Physical Security; IT Infrastructure security; Incident handling; Internal Audits; Evaluate; External Audits; Self Assessments; Security Incidents; Maintenance; Reporting (see metrics)
Security Management
Activities Relationships
Control
Problems
- Risks of security issues caused by human errors not commonly known
- Lack of security measure verification
- Security aspect of changes not considered
- Lack of security awareness in organisation