Transcript of "The importance of information security management in crisis prevention in the company"
The importance of informationsecurity management in crisis prevention in the company dr Sławomir Wawak, 2010
Information security management systempart of management system, based on a business riskapproach, to establish, implement, operate, monitor,review, maintain and improve information securityhelps to improve managementinformation system (MIS) Scope and policy definition Improvementcompatible with ISO 9001 Risk analysisprovides tools helpful in Information security management systemcrises prevention Feedback and analyses Controls development Work performance 2 dr Sławomir Wawak, 2010
Strategic levelISMS control areas Security policy Organization of information security Assets management Access control Compliance Human resources Physical and security environmental security Information systems deve- Communication and Business continuity lopment and maintenance operations management management Operational levelSource: Saint-Germain R., Information Security Management Best Practice Based onISO/IEC 17799, “The Information Management Journal” 2005, July/August 3 Organizational areas Technical/computer areas dr Sławomir Wawak, 2010
Tools of ISMS in crises preventionmanagement review gathering of information, comparisons and discussion provides better understanding of company situation enables more accurate problems detectioncorrective actions non-compliance and incidents causes removal reduces adverse effects of incidentspreventive actions prevents incidents and non-compliance 4 dr Sławomir Wawak, 2010
Tools of ISMS in crises preventionincident management provides information on incidents and problems increases workers’ awareness an sensitivity to problemsrisk assessment provides information about risks enables organisation to risk mitigationrisk treatment plans contain procedures for dealing with crisis situation allow to reduce impact of crisis triggers 5 dr Sławomir Wawak, 2010
Tools of ISMS in crises preventioncompliance metrics allow monitoring of the system allow early detection of problemsinternal audit comprehensive monitoring tool identifies problems in the system identifies opportunities to improve information system and its security 6 dr Sławomir Wawak, 2010
SummaryISMS supports crisis preventionthrough: improvement of information system effective monitoring system systematic risk assessment simple but powerful management tools top management engagement 7 dr Sławomir Wawak, 2010
Encyclopedia of ManagementGreat management articles databaseOver 3000 articles in Polish, over 180 in English100% freeGNU FDL licencehttp://mfiles.pl 8 dr Sławomir Wawak, 2010
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.