The document discusses governance frameworks for managing corporate information security. It describes drivers for security governance like legislation and risk mitigation. Several frameworks are mentioned, including ISO27001, AS133, and ISF best practices. Adopting a governance framework provides advantages like not needing to reinvent processes and having auditable best practices. The impact of internal and external influences on information is explored. Leading security governance frameworks and relevant legislation are also summarized.

1. W IKEPEDI A Governance makes decisions that define expectations, grant power , or verify performance . It consists either of a separate process or of a specific part of management or leadership processes. Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007

2. Drivers sox, basel II, national legislation, IT accountability, risk mitigation Derivatives IT management framework, provisioning framework, information security framework Direction unified management systems standards PAS99 & other initiatives Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007 IT governance

3. Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007 advantages of a governance framework? No reinvention required Excellent signposting tool Encapsulates best practices Knowledge sharing Auditable

4. Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007 Management cycle from 4 different governance frameworks Governance frameworks

5. Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007 The impact of governance on information

6. Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007 The impact of internal & external influences on information

7. Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007 The impact of internal & external influences on information

8. Security Governance as a model for the management of corporate information Taken from the ISO Guide 72 on justification and drafting of management system standards, http://www.tc176.org/PDF/News_Articles/2002/2002_7.pdf Security Risk Management Australasia 2007

9. ISO/IEC27001 ACSI33 ISF – Best Practices ISM3 Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007 Some leading frameworks

10. Cybercrime Act 2001 Information Confidentiality Telecommunications act 1997 Tax act 1999 Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007 Legislation

11. Governance & the advantages of a framework We discussed the various IT governance frameworks and the commonalities between frameworks We then looked at information security and the different types of Information security governance frameworks available and the impact standards and legislation had on corporate information Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007 Summary

12. Questions? Security Governance as a model for the management of corporate information Security Risk Management Australasia 2007