The importance of information security management in crisis prevention in the company
Presentation from conference in Karvina, Czech Republic, May 2010
dr Sławomir Wawak, 2010

Information security management system
  part of management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security
  helps to improve management information system (MIS)
  compatible with ISO 9001
  provides tools helpful in crisis prevention
[Diagram: Information security management system. Elements: risk analysis; controls development; feedback and analyses; work performance; improvement; scope and policy definition]

ISMS control areas
  Information systems development and maintenance
  Communication and operations management
  Business continuity management
  Human resources security
  Physical and environmental security
  Compliance
  Assets management
  Access control
  Organization of information security
  Security policy
[Diagram axes: strategic level / operational level; organizational areas / technical/computer areas]
Source: Saint-Germain R., Information Security Management Best Practice Based on ISO/IEC 17799, “The Information Management Journal” 2005, July/August

Tools of ISMS in crisis prevention
  management review
    gathering of information, comparisons and discussion
    provides better understanding of company situation
    enables more accurate problem detection
  corrective actions
    removal of causes of non-compliance and incidents
    reduces adverse effects of incidents
  preventive actions
    prevents incidents and non-compliance

Tools of ISMS in crisis prevention
  incident management
    provides information on incidents and problems
    increases workers’ awareness and sensitivity to problems
  risk assessment
    provides information about risks
    enables organisation to mitigate risk
  risk treatment plans
    contain procedures for dealing with crisis situations
    allow reducing the impact of crisis triggers

Tools of ISMS in crisis prevention
  compliance metrics
    allow monitoring of the system
    allow early detection of problems
  internal audit
    comprehensive monitoring tool
    identifies problems in the system
    identifies opportunities to improve information system and its security

Summary
ISMS supports crisis prevention through:
  improvement of information system
  effective monitoring system
  systematic risk assessment
  simple but powerful management tools
  top management engagement

Encyclopedia of Management
  Great management articles database
  Over 3000 articles in Polish, over 180 in English
  100% free GNU FDL licence
  http://mfiles.pl