SBIC Enterprise Information Security Strategic Technologies
The Business Of Information Security V2.0
1. The Business of Information Security: Theo Nassiokas APAC regional head of IT risk, audit & regulatory – Investment banking sector 2006 National Executive Chair – Australian Information Security Association (AISA) Version 2.0 Information Security 2010 Regulatory, business and cultural alignment is critical
7. Who are the stakeholders? Security Convergence Physical IT Legal, Regulatory Industry codes IP Data Protection Act (UK) Sarbanes Oxley S302, 404, 409 USA PATRIOT Act ISO 27001 California Senate Bill 1386 BCP failure Phishing Cyber crime Basel II ISO 27002 Virus incidents Physical Theft Of Info Unauthorised Software Usage System Access Control License Breach Staff screening Checks Outsourced Service Provider Control Information Access Control Network domain access Unauthorised Physical access Targeted Attack – Mass Extinction Event Privacy laws
Methodology: From April 25 to May 7, 2006 a total of 1,037 surveys were completed in the U.S. and 1,203 in Europe (UK 235; France 238; Germany 242; Spain 245; Italy 243). The statistical confidence interval for the U.S. and the European results is plus or minus 3% at a 95% level of significance.
As mentioned earlier, Security Governance has emerged to become a key component of Corporate Governance. Googling “security governance” returns 39,000 hits (as at July 31 2005). The number of hits that are not a subset of IT Governance is far fewer. On the first 10 pages of Google hits, fewer than 10 of these were non-IT-centric Security Governance.
Let’s consider the Trade Practices Act 1974 (Cth)… Sec. 74 – Warranties Implied in the Provision of a Service, requires certain warranties to be in place, e.g. when money is deposited into a bank branch, and the branch is held up by an armed robber, the money is not debited from customer accounts. However, in a hypothetical situation where an internet banking account is compromised, although the money stolen could be replaced, how are identities replaced when the customer’s name and address are stolen from the compromised account?
Building stakeholder relationships to leverage synergies
Vision, mission and strategy formation, planning and implementation that is aligned to business objectives
Security capabilities developed in the context of business need to provide a clear value proposition
Raising Your Return on Innovation Investment By Alexander Kandybin and Martin Kihn 5/11/04 Each company has an intrinsic innovation effectiveness curve. Here are three ways to lift it. Pillar One: Understand Your Innovation Effectiveness Curve Pillar Two: Master the Entire Innovation Value Chain Pillar Three: Don’t Do It All Yourself