ITSM的PPT--forum-guldentops.pptVIP

Benchmark Domains Security strength Message confidentiality Message integrity Information classification access rules System and software assurance Identity verification Single sign-on Network access control Good Practice Security policy, procedures standards Business risk assessment Business continuity planning Security architecture Security audit Security marketing Security administration Usability of the security system Security of the development process Trusted third party infrastructure Cryptographic key management Page * eg07/02 A case of best practice in IT security governance from the financial world Erik Guldentops, New York, 10 July 2002 IT Security Governance IT Value Delivery Stakeholder Value Drivers Performance Measurement Risk Management IT Strategic Alignment “control” “direct” erik.guldentops@itgi.org Value Delivery Stakeholder Value Drivers Performance Measurement Risk Management Strategic Alignment Value Drivers system reliability service trust information confidentiality financial responsibility and liability systemic risk reputation while extending connectivity, ease of implementation and ease of use being leader in secure financial communications What goes in ? IT Security Governance Value Delivery Stakeholder Value Drivers Performance Measurement Risk Management Strategic Alignment Reporting Security Audits Status of recommendations Strategy Strategy implementation Risk identification Status of risk mitigation Policy Compliance What comes out ? IT Security Governance Value Delivery Stakeholder Value Drivers Performance Measurement Risk Management Strategic Alignment audit closure strategy implementation risk mitigation policy compliance risk security policy major risk issues security audit reports security assurance approach security strategy direction security strategy implementation audit planning What happens inside ? IT Security Governance Strategy Develop and implement Progress reporting Assurance Approach Reporting a