Zenobia Consulting
Compliance vs Continuous Improvement
Vicente Aceituno, October 2012
Semmelweis
Compliance
Continuous Improvement
Security Objectives
Compliance Advantages
• Represents Best Practices.
• Easy to justify: «It is what you are supposed to do».
Compliance Disadvantages
• One size fits all: it doesn’t always meet the changing needs of the business.
• The use of resources might be higher than necessary.
• Slow improvement cycle:
  • Between audits.
  • Between updates of the Standard.
Continuous Improvement Disadvantages
• It is difficult to turn business needs into security requirements using traditional concepts.
• …but that doesn’t stop you from implementing compliance.
• …and that is why compliance is so popular.
Compliance Disadvantages
• It is a brake on innovation.
Compliance
For compliance you need:
• A gap analysis between what you do and what the standard says.
• An action plan to fill the gaps.
Incidents are seen as a failure… but management is not to blame: we are compliant!
Improvement comes through better compliance.
Compliance
Continuous Improvement
Security Objectives
Continuous Improvement Advantages
• You can still use Best Practices.
• It meets the changing needs of the business.
• It uses an appropriate amount of resources.
• Fast improvement cycle:
  • Between follow-up reports.
Continuous Improvement Disadvantages
• It is difficult to turn business needs into security requirements using traditional concepts.
• …but there is a solution: O-ISM3 Security Objectives.
• It requires a high level of maturity, including the use of metrics.
• …but there is a solution: O-ISM3 Metrics.
Continuous Improvement
For continuous improvement you need:
• A thorough understanding of the security needs of the organization.
• A high level of maturity to deliver on those needs.
Incidents are an opportunity for improvement. Management is to blame if improvements are not introduced.
Improvement comes through meeting the needs better or with fewer resources.
Compliance
Continuous Improvement
Security Objectives
Access Control
• Use of services and physical and logical access to repositories and systems is restricted to authorized users;
• Secrets (industrial, trade) are accessible to authorized users only;
• Personal information of clients and employees is accessible for a valid purpose to authorized users only, preserves their anonymity if necessary, and is held for no longer than required;
• Intellectual property (licensed, copyrighted, patented and trademarks) is accessible to authorized users only;
• Third party services and repositories are appropriately licensed and accessible only to authorized users;
• Users are accountable for the repositories and messages they create or modify;
• Users are accountable for their acceptance of contracts and agreements;
• Users are accountable for their use of services;
• Accurate time and date is reflected in all records.
Priority Objectives
• Availability of repositories, services and channels exceeds Customer needs;
• Reliability and performance of services and channels exceeds Customer needs;
• Volatility of services and channels is within Customer needs.
Durability Objectives
• Repositories are retained at least as long as Customer requirements;
• Expired or end-of-life-cycle repositories are permanently destroyed.
Quality Objectives
• Precision, relevance (up-to-date), completeness and consistency of repositories exceeds Customer needs.
Technical Objectives
• Keep systems free of weaknesses.
• Keep systems that need to be visible from untrusted systems as little visible as possible.
• Have systems run trusted services only.
• Keep electricity, temperature and humidity within controlled limits.
Press Any Key to Continue
Learn to implement High Performance Security Management Processes: http://cli.gs/ism3
Web: www.inovement.es
Video Blog: youtube.com/user/vaceituno
Blog: ism3.com
Twitter: twitter.com/vaceituno
Presentations: slideshare.net/vaceituno/presentations
Articles: slideshare.net/vaceituno/documents