SlideShare a Scribd company logo

IT Control Framework

Marc-Andre Heroux
Marc-Andre Heroux

Here are the core elements to consider while developing your IT Control Framework

Leadership & Management
1 of 1
Download to read offline
Cyber Governance Control Objective Statement - Controls provide reasonable assurance that the information system is adequately designed, implemented, administered and maintained by qualified I.T. personnel. Controls allow access to information based on clear and enforced policies to preserved integrity and protect informational resources and the network infrastructure from unauthorized access . Regulations (ex. PIPEDA, PCI DSS, SOX) Management Policy (ex. Information Protection) Example of statement we can find in this type of policy Statement: a subject or an object must only be granted access to Information he has the need to know/use according to its role or requirements (ex. Services). Adequate preventive, detective and corrective operational, management, technical and physical controls must be present, in good working order and verified periodically to ensure their effectiveness. Internal Requirements (ex. Business Continuity) Architecture According to the policy statement, a standard can be defined Process with role and responsibility (ex. employee, contractor, third party); Collaborate with IT Operation to develop standard practices; Objects accessing the organizational information system, internally and externally (ex. services); Network and security architecture (ex. segregation, zones); IT Security requirements to be followed by operation while implementing the control (ex. Detailed configuration of a solution). IT Control Framework Author: Marc-Andre Heroux Version 1.1 Date: 11/01/2016 Classified: public Document realized according to guidance from the following organizations: A control objective is a Governance statement setting the direction in regards to IT, security as well as other functions of the organization. They are mainly formulated according to internal requirements and regulations to comply with. Information Protection Policy Information protection policy is a document which expresses management direction and support for information security on the processing, storage and transmission of sensitive information. Main goal is to ensure information is adequately protected from modification or disclosure. **Recommended to be signed by every employee **Availability is usually under Business continuity management policy Procedures can describe step by step specific task to be executed (ex. firmware upgrade). Practices can describe how to conduct the operation, but are not step by step document such as procedures; it allows activities to be conducted in a similar way. Operation Implementation of a control according the architecture/standard defined IT Operation implement , operate, maintain and monitor the control.

Recommended

Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1MLG College of Learning, Inc
 
Lesson 1 - Introduction
Lesson 1 - Introduction Lesson 1 - Introduction
Lesson 1 - Introduction MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3MLG College of Learning, Inc
 

Recommended

Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1MLG College of Learning, Inc
 
Lesson 1 - Introduction
Lesson 1 - Introduction Lesson 1 - Introduction
Lesson 1 - Introduction MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3MLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical ControlsMLG College of Learning, Inc
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Information Security
Information Security Information Security
Information Security Alok Katiyar
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaSee You Rise Holdings
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Chapter 4 Risk Management.pptx
Chapter 4 Risk Management.pptxChapter 4 Risk Management.pptx
Chapter 4 Risk Management.pptxShruthi48
 
Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography toolsMLG College of Learning, Inc
 
Lesson 3- Fair Approach
Lesson 3- Fair ApproachLesson 3- Fair Approach
Lesson 3- Fair ApproachMLG College of Learning, Inc
 
IT Governance Roles and Data Governance - Hernan Huwyler
IT Governance Roles and Data Governance - Hernan HuwylerIT Governance Roles and Data Governance - Hernan Huwyler
IT Governance Roles and Data Governance - Hernan HuwylerHernan Huwyler, MBA CPA
 
ISO_27001___2005_OASIS
ISO_27001___2005_OASISISO_27001___2005_OASIS
ISO_27001___2005_OASISDermot Clarke
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security ProgramShauna_Cox
 
Information security
Information securityInformation security
Information securitySanjay Tiwari
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxShruthi48
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...IT-Toolkits.org
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.pptImXaib
 

More Related Content

What's hot

Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Information Security
Information Security Information Security
Information Security Alok Katiyar
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaSee You Rise Holdings
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
Chapter 4 Risk Management.pptx
Chapter 4 Risk Management.pptxChapter 4 Risk Management.pptx
Chapter 4 Risk Management.pptxShruthi48
 
IT Governance Roles and Data Governance - Hernan Huwyler
IT Governance Roles and Data Governance - Hernan HuwylerIT Governance Roles and Data Governance - Hernan Huwyler
IT Governance Roles and Data Governance - Hernan HuwylerHernan Huwyler, MBA CPA
 
ISO_27001___2005_OASIS
ISO_27001___2005_OASISISO_27001___2005_OASIS
ISO_27001___2005_OASISDermot Clarke
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security ProgramShauna_Cox
 
Information security
Information securityInformation security
Information securitySanjay Tiwari
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxShruthi48
 

What's hot (20)

Lesson 4
Lesson 4Lesson 4
Lesson 4
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.ppt
 
Information Security
Information Security Information Security
Information Security
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
Network security policies
Network security policiesNetwork security policies
Network security policies
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Chapter 4 Risk Management.pptx
Chapter 4 Risk Management.pptxChapter 4 Risk Management.pptx
Chapter 4 Risk Management.pptx
 
Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography tools
 
Lesson 3- Fair Approach
Lesson 3- Fair ApproachLesson 3- Fair Approach
Lesson 3- Fair Approach
 
IT Governance Roles and Data Governance - Hernan Huwyler
IT Governance Roles and Data Governance - Hernan HuwylerIT Governance Roles and Data Governance - Hernan Huwyler
IT Governance Roles and Data Governance - Hernan Huwyler
 
ISO_27001___2005_OASIS
ISO_27001___2005_OASISISO_27001___2005_OASIS
ISO_27001___2005_OASIS
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
 
Information security
Information securityInformation security
Information security
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptx
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 

Similar to IT Control Framework

Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...IT-Toolkits.org
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.pptImXaib
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docxdurantheseldine
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security ManagementMark Conway
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Organizations rely heavily on the use of information technology (IT).docx
Organizations rely heavily on the use of information technology (IT).docxOrganizations rely heavily on the use of information technology (IT).docx
Organizations rely heavily on the use of information technology (IT).docxaman341480
 
11What is Security 1.1 Introduction The central role of co.docx
11What is Security 1.1 Introduction The central role of co.docx11What is Security 1.1 Introduction The central role of co.docx
11What is Security 1.1 Introduction The central role of co.docxmoggdede
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & StrategyTony Hauxwell
 
Fundamentals of data security policy in i.t. management it-toolkits
Fundamentals of data security policy in i.t. management it-toolkitsFundamentals of data security policy in i.t. management it-toolkits
Fundamentals of data security policy in i.t. management it-toolkitsIT-Toolkits.org
 
Security management.pptx
Security management.pptxSecurity management.pptx
Security management.pptxAhmadUsman79
 
To meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, STo meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, STakishaPeck109
 
Security policy case study
Security policy case studySecurity policy case study
Security policy case studyashu6
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionVivek Maurya
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
A Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System RiskA Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System Riskamiable_indian
 
1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdf1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdfChunLei(peter) Che
 
Operationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxOperationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxamit657720
 

Similar to IT Control Framework (20)

Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
 
Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security Management
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
 
Organizations rely heavily on the use of information technology (IT).docx
Organizations rely heavily on the use of information technology (IT).docxOrganizations rely heavily on the use of information technology (IT).docx
Organizations rely heavily on the use of information technology (IT).docx
 
11What is Security 1.1 Introduction The central role of co.docx
11What is Security 1.1 Introduction The central role of co.docx11What is Security 1.1 Introduction The central role of co.docx
11What is Security 1.1 Introduction The central role of co.docx
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & Strategy
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
Fundamentals of data security policy in i.t. management it-toolkits
Fundamentals of data security policy in i.t. management it-toolkitsFundamentals of data security policy in i.t. management it-toolkits
Fundamentals of data security policy in i.t. management it-toolkits
 
Security management.pptx
Security management.pptxSecurity management.pptx
Security management.pptx
 
To meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, STo meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, S
 
Security policy case study
Security policy case studySecurity policy case study
Security policy case study
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solution
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
A Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System RiskA Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System Risk
 
1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdf1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdf
 
Operationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxOperationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docx
 

More from Marc-Andre Heroux

Enterprise Security Critical Security Functions version 1.0
Enterprise Security Critical Security Functions version 1.0Enterprise Security Critical Security Functions version 1.0
Enterprise Security Critical Security Functions version 1.0Marc-Andre Heroux
 
Monitoring your organization against threats - Critical System Control
Monitoring your organization against threats - Critical System ControlMonitoring your organization against threats - Critical System Control
Monitoring your organization against threats - Critical System ControlMarc-Andre Heroux
 
Frame - MAC Address Threats & Vulnerabilities
Frame - MAC Address Threats & VulnerabilitiesFrame - MAC Address Threats & Vulnerabilities
Frame - MAC Address Threats & VulnerabilitiesMarc-Andre Heroux
 
Modèle de sécurité organisationnelle
Modèle de sécurité organisationnelleModèle de sécurité organisationnelle
Modèle de sécurité organisationnelleMarc-Andre Heroux
 
Méthodologie - adoption d'une norme en 7 étapes
Méthodologie - adoption d'une norme en 7 étapesMéthodologie - adoption d'une norme en 7 étapes
Méthodologie - adoption d'une norme en 7 étapesMarc-Andre Heroux
 
BUSINESS MATURITY LIFE CYCLE
BUSINESS MATURITY LIFE CYCLEBUSINESS MATURITY LIFE CYCLE
BUSINESS MATURITY LIFE CYCLEMarc-Andre Heroux
 
Assurance compliance management system
Assurance compliance management systemAssurance compliance management system
Assurance compliance management systemMarc-Andre Heroux
 

More from Marc-Andre Heroux (9)

Linux encrypted container
Linux encrypted containerLinux encrypted container
Linux encrypted container
 
Enterprise Security Critical Security Functions version 1.0
Enterprise Security Critical Security Functions version 1.0Enterprise Security Critical Security Functions version 1.0
Enterprise Security Critical Security Functions version 1.0
 
Online Authentication
Online AuthenticationOnline Authentication
Online Authentication
 
Monitoring your organization against threats - Critical System Control
Monitoring your organization against threats - Critical System ControlMonitoring your organization against threats - Critical System Control
Monitoring your organization against threats - Critical System Control
 
Frame - MAC Address Threats & Vulnerabilities
Frame - MAC Address Threats & VulnerabilitiesFrame - MAC Address Threats & Vulnerabilities
Frame - MAC Address Threats & Vulnerabilities
 
Modèle de sécurité organisationnelle
Modèle de sécurité organisationnelleModèle de sécurité organisationnelle
Modèle de sécurité organisationnelle
 
Méthodologie - adoption d'une norme en 7 étapes
Méthodologie - adoption d'une norme en 7 étapesMéthodologie - adoption d'une norme en 7 étapes
Méthodologie - adoption d'une norme en 7 étapes
 
BUSINESS MATURITY LIFE CYCLE
BUSINESS MATURITY LIFE CYCLEBUSINESS MATURITY LIFE CYCLE
BUSINESS MATURITY LIFE CYCLE
 
Assurance compliance management system
Assurance compliance management systemAssurance compliance management system
Assurance compliance management system
 

Recently uploaded

internship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamrainternship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamraAllTops
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdfAlejandromexEspino
 
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professionalW.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professionalWilliam (Bill) H. Bender, FCSI
 
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot ModelGautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNitya salvi
 
Information Technology Project Management, Revised 7th edition test bank.docx
Information Technology Project Management, Revised 7th edition test bank.docxInformation Technology Project Management, Revised 7th edition test bank.docx
Information Technology Project Management, Revised 7th edition test bank.docxssuserf63bd7
 
The Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard BrownThe Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard BrownSandaliGurusinghe2
 
digital Human resource management presentation.pdf
digital Human resource management presentation.pdfdigital Human resource management presentation.pdf
digital Human resource management presentation.pdfArtiSrivastava23
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field ArtilleryKennethSwanberg
 
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime SiliguriSiliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siligurimeghakumariji156
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentNimot Muili
 
Marketing Management 16th edition by Philip Kotler test bank.docx
Marketing Management 16th edition by Philip Kotler test bank.docxMarketing Management 16th edition by Philip Kotler test bank.docx
Marketing Management 16th edition by Philip Kotler test bank.docxssuserf63bd7
 
How Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptxHow Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptxAaron Stannard
 
Persuasive and Communication is the art of negotiation.
Persuasive and Communication is the art of negotiation.Persuasive and Communication is the art of negotiation.
Persuasive and Communication is the art of negotiation.aruny7087
 

Recently uploaded (14)

internship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamrainternship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamra
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdf
 
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professionalW.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
 
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot ModelGautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Information Technology Project Management, Revised 7th edition test bank.docx
Information Technology Project Management, Revised 7th edition test bank.docxInformation Technology Project Management, Revised 7th edition test bank.docx
Information Technology Project Management, Revised 7th edition test bank.docx
 
The Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard BrownThe Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard Brown
 
digital Human resource management presentation.pdf
digital Human resource management presentation.pdfdigital Human resource management presentation.pdf
digital Human resource management presentation.pdf
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field Artillery
 
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime SiliguriSiliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
 
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTECAbortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable development
 
Marketing Management 16th edition by Philip Kotler test bank.docx
Marketing Management 16th edition by Philip Kotler test bank.docxMarketing Management 16th edition by Philip Kotler test bank.docx
Marketing Management 16th edition by Philip Kotler test bank.docx
 
How Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptxHow Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptx
 
Persuasive and Communication is the art of negotiation.
Persuasive and Communication is the art of negotiation.Persuasive and Communication is the art of negotiation.
Persuasive and Communication is the art of negotiation.
 

IT Control Framework

  • 1. Cyber Governance Control Objective Statement - Controls provide reasonable assurance that the information system is adequately designed, implemented, administered and maintained by qualified I.T. personnel. Controls allow access to information based on clear and enforced policies to preserved integrity and protect informational resources and the network infrastructure from unauthorized access . Regulations (ex. PIPEDA, PCI DSS, SOX) Management Policy (ex. Information Protection) Example of statement we can find in this type of policy Statement: a subject or an object must only be granted access to Information he has the need to know/use according to its role or requirements (ex. Services). Adequate preventive, detective and corrective operational, management, technical and physical controls must be present, in good working order and verified periodically to ensure their effectiveness. Internal Requirements (ex. Business Continuity) Architecture According to the policy statement, a standard can be defined Process with role and responsibility (ex. employee, contractor, third party); Collaborate with IT Operation to develop standard practices; Objects accessing the organizational information system, internally and externally (ex. services); Network and security architecture (ex. segregation, zones); IT Security requirements to be followed by operation while implementing the control (ex. Detailed configuration of a solution). IT Control Framework Author: Marc-Andre Heroux Version 1.1 Date: 11/01/2016 Classified: public Document realized according to guidance from the following organizations: A control objective is a Governance statement setting the direction in regards to IT, security as well as other functions of the organization. They are mainly formulated according to internal requirements and regulations to comply with. Information Protection Policy Information protection policy is a document which expresses management direction and support for information security on the processing, storage and transmission of sensitive information. Main goal is to ensure information is adequately protected from modification or disclosure. **Recommended to be signed by every employee **Availability is usually under Business continuity management policy Procedures can describe step by step specific task to be executed (ex. firmware upgrade). Practices can describe how to conduct the operation, but are not step by step document such as procedures; it allows activities to be conducted in a similar way. Operation Implementation of a control according the architecture/standard defined IT Operation implement , operate, maintain and monitor the control.