
CyberSecurity Program Mandatory and Discretionary Control Points


Published in: Business

  1. The CyberSecurity Program must be built on a solid, proven and tested control framework with international acceptance. The information security standard framework of choice would be ISO/IEC 27001:2013. This framework has been used by many countries to create regulations and statutes designed to protect information assets. It is a benchmark set of security controls that can be added to depending on the nature of the business and its risk exposure. The standard has two sets of controls. The first set, considered to be mandatory and outlined in ISO/IEC 27001:2013, provides the overarching management system. The second set of controls can be risk-justified in or out of scope for the CyberSecurity Program; these controls are outlined in Annex ‘A’. More details describing these control points are available in supplementary standard documents like ISO/IEC 27002:2013. Below I have provided a high-level summary of each section and the total control points. These control points are important to identify, as each one has been designed to mitigate a specific known risk that is common within all business environments that utilize technology to process and safeguard information. This information has been shared freely by Mark E.S. Bernard. If you find it useful, please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program, then please contact Mark at 604-349-6557 or mesbernard@gmail.com
