CyberSecurity Program Reference Model

Transcript

  • 1. The CyberSecurity Program Reference Model supports the development and implementation of a new CyberSecurity Program by outlining the necessary annual program activities. These CyberSecurity Program processes are briefly described on page 2. This information has been shared freely by Mark E.S. Bernard. If you find it useful, please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program, please contact Mark at 604-349-6557 or mesbernard@gmail.com.
  • 2. The following descriptions give an overview of the CyberSecurity Program processes. The tasks within each process are formally documented in policies, procedures and standards and become part of the document control and records management processes. Details of these documents can be requested as needed.
    • Governance: During this process the security program is aligned with organizational goals and objectives by the leaders who are responsible for assets such as information and resources such as people.
    • Risk Management: During this process the security program's threats and vulnerabilities are balanced against existing controls, and decisions are made to add or remove risk mitigation controls based on the importance of assets.
    • Compliance Management: During this process the security program identifies legal obligations defined in statutes, regulations and contracts and maps them to the master control deck, providing real-time, continuous evidence.
    • Vulnerability Management: During this process the security program identifies and mitigates known vulnerabilities. In addition, the VM process also examines the Enterprise Architecture for unknown vulnerabilities and treats those vulnerabilities.
    • Communication Management: During this process the security program identifies opportunities to share security-related information by creating appropriate communication pieces and carefully selecting and leveraging channels.
    • Awareness Training: During this process we share the tools and techniques used to apply security to daily roles and responsibilities within the organization, raising awareness and influencing employees to become more security conscious.
    • Access and Identity: During this process the security program ensures that persons accessing the organization's information and systems can be positively identified and that they have access to the information and resources required to fulfill their roles and responsibilities.
    • Asset Management: During this process the security program ensures that assets are identified and registered so that risk management, vulnerability management, change management, configuration management and availability management can be effective.
    • Document Control: During this process the security program identifies and controls documentation that is crucial to producing consistent and reproducible results.
    • Records Management: During this process the security program identifies records that are crucial to producing evidence of conformity with standards and compliance with legal obligations.
    • Internal/External Auditing: During this process the security program provides assurance by verifying and validating that the security program is operating effectively, and makes recommendations where appropriate and necessary for the continuous improvement of the program.
    • Monitoring and Reporting: During this process the security program identifies security events and incidents for follow-up action. These events can range from system faults to attempts to access unauthorized information or system resources, potentially leading to a breach of security and activation of the security incident response process or business continuity plans.