document hierarchy of information security corporate
play

Document Hierarchy of Information Security Corporate Security - PowerPoint PPT Presentation

Oct 09, 2022 •258 likes •355 views

Document Hierarchy of Information Security Corporate Security Policy Policy General commitment to Information Security General commitment to Information Security Installation of CorpSec Enabling CSO Installing Information Security Standard

  1. Document Hierarchy of Information Security Corporate Security Policy Policy General commitment to Information Security General commitment to Information Security Installation of CorpSec Enabling CSO Installing Information Security Standard Defining Assets, Objectives & Information Controls Controls Security Standard Security Standard For Information Security Detailed Implementation Detailed Implementation Technique, Processes, General Directive(s) Procedures, etc Specific Directive(s)

  2. I SMS Structure Overview • ISMS = Information Security Management System. • It consists of 3 types of documents, structured in 3 tiers. • Tier 1: Information Security Policy, general statement about information security, enabling security organisation, requires information security standard. • Tier 2: Information Security Standard, defining objectives and controls for information security, giving guidance for implementation. Consists of 15 chapters one for each main realm of information security chapters, one for each main realm of information security. • Tier 3: Information Security Directives, giving more detailed implementation guidance for certain areas.

  3. I nform ation Security Policy • High level document • Only abstract goals for information security • Defines security organisation and it’s duties • Defines the “corner pillars” • “Orders” a security standard document based on ISO 27002 • Defines security as a innate part of bwin’s business

  4. I nform ation Security Standard • Based on ISO 27002 • Adapted to the special needs of bwin • 15 chapters Introduction Scope Terms and definitions Structure of this standard Risk assessment and treatment Risk assessment and treatment Security policy Organisation of information security Asset management Human resources security Physical and environmental security Communications and operations management Access control Information systems acquisition, development and maintenance Information security incident management Business continuity management Compliance Compliance • Defining objectives and controls for information security based on international regulations and best practices • Leaving the decision to management not to implement and take the risk L i th d i i t t t t i l t d t k th i k

  5. Security Directives • Information Classification & Handling Defines templates and procedures for classification if information in the 3 dimensions, confidentiality, integrity and availability • Risk Management Defines how Risk management has to be done at bwin g • Directive on Worldwide Security Organization Internal organisation of CorpSec • Asset Management Defining assets, responsibility for assets, documentation, … • HR Directive Describing what HR has to consider when hiring personal and external resources • Physical & Environmental Directive Directive to handle premises of bwin, physical security, entry control, doors, windows, … • Access Control Directive Security directive for IT operations, defining operations management, logging, administration rules, … • System Acquisition / Development & Maintenance Directive • System Acquisition / Development & Maintenance Directive Security rules for architecture, software development and procurement of systems and software • Security Incident Management Directive How to log and report security events • Business Continuity Directive Rules to define and run required availability in IT and to handle critical services on failure q y • Audit Directive How to deal with internal and external auditors, provide correct data and evidence • Users Directiveto Information Security Rules for the users of bwin’s IT infrastructure • Privacy Protection Directive

  6. Principles for Security Directives • Derived from Information Security Standard or a more abstract Directive • Dedicated the a special task, region or audience • Only needed if Standard is not adequate or specific enough • Examples: • General HR Security Directive • General HR Security Directive • HR Security Directive for Austria/ Sveden/ … • General Security Directive for Data Centres • Security Directive for Data Centre A • Security Directive for Data Centres in USA • Security Directive for Webserver • Security Directive for IIS/ Apache/ …

  7. ToDos 1. CEOs sign and publish Corporate Security Policy 2. Workshops with Business Responsibles about their chapters (C-lvl, Head- Ofs) (Oliver Eckel) Ofs) (Oliver Eckel) 3. Release of accorded Information Security Standard by CSO 4. 4 Workshop with Business Experts about detailed Directives (MK+ CG) Workshop with Business Experts about detailed Directives (MK+ CG) 5. Gap Analysis 6 6. Budget and time estimation Budget and time estimation 7. Implementation considering priority

  8. Thank You Thank You

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Basic use of caches Levels in the memory hierarchy When fetching an instruction, first

1 Basic use of caches Levels in the memory hierarchy When fetching an instruction, first

Memory Hierarchy Goal of a memory hierarchy Memory: hierarchy of components of various speeds and Keep close to the ALU the information that will be needed capacities now and in the near future Memory closest to ALU is fastest but

56 views • 5 slides
Corporate Presentation November 2015 Disclaimer The information contained in this document (the

Corporate Presentation November 2015 Disclaimer The information contained in this document (the

Corporate Presentation November 2015 Disclaimer The information contained in this document (the Corporate Presentation) has been prepared by Jersey Oil and Gas Plc (JOG) . JOG is a UK company quoted on AIM, a market operated by London

345 views • 20 slides
CORPORATE PRESENTATION MARCH 2020 PTX CSE FORWARD LOOKING INFORMATION This document has

CORPORATE PRESENTATION MARCH 2020 PTX CSE FORWARD LOOKING INFORMATION This document has

CORPORATE PRESENTATION MARCH 2020 PTX CSE FORWARD LOOKING INFORMATION This document has been prepared by Platinex Inc. and should be read in conjunction with the final listing application to the TSX Venture Exchange (2005) and Canadian

367 views • 19 slides
Corporate Presentation June 2018 Disclaimer This document and the information contained herein

Corporate Presentation June 2018 Disclaimer This document and the information contained herein

Corporate Presentation June 2018 Disclaimer This document and the information contained herein have been prepared solely for the purpose of providing general information about Life Settlement Assets PLC (the " Company ") and its

452 views • 26 slides
FY20 Corporate Presentation Disclaimer The content and information of this document is only

FY20 Corporate Presentation Disclaimer The content and information of this document is only

FY20 Corporate Presentation Disclaimer The content and information of this document is only intended to provide users with financial and operational information about Jazeera Airways. No warrant or representation is made by Jazeera Airways for

756 views • 48 slides
Corporate Presentation 2019 Disclaimer The content and information of this document is only

Corporate Presentation 2019 Disclaimer The content and information of this document is only

Corporate Presentation 2019 Disclaimer The content and information of this document is only intended to provide users with financial and operational information about Jazeera Airways. No warrant or representation is made by Jazeera Airways for

705 views • 41 slides
CORPORATE PRESENTATION JULY 2019 DISCLAIMER The information contained in this document is

CORPORATE PRESENTATION JULY 2019 DISCLAIMER The information contained in this document is

GRUPO TRAXION CORPORATE PRESENTATION JULY 2019 DISCLAIMER The information contained in this document is strictly confidential and is subject to the provisions established in the Securities Market Law regarding the obligations of confidentiality

505 views • 17 slides
CORPORATE PRESENTATION March 2016 DISCLAIMER This document is for information purposes only

CORPORATE PRESENTATION March 2016 DISCLAIMER This document is for information purposes only

CORPORATE PRESENTATION March 2016 DISCLAIMER This document is for information purposes only without any binding effect; in case of any inaccuracies, incompleteness or inconsistency with other documents, only the Companys latest issued annual

607 views • 35 slides
CORPORATE PRESENTATION May 2016 This document and the information therein are the property of

CORPORATE PRESENTATION May 2016 This document and the information therein are the property of

CORPORATE PRESENTATION May 2016 This document and the information therein are the property of Safran. They must not be copied or communicated to a third party without the prior written authorization of Safran SAFRAN, a leading international

637 views • 25 slides
Annual General Meeting November 2019 Corporate Presentation DISCLAIMER This document is for

Annual General Meeting November 2019 Corporate Presentation DISCLAIMER This document is for

Annual General Meeting November 2019 Corporate Presentation DISCLAIMER This document is for information purposes only. It is not a prospectus, disclosure document or offering document under Australian law or under any other law and does not

408 views • 25 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
CORPORATE OVERVIEW October 8, 2019 Information contained in this document is strictly

CORPORATE OVERVIEW October 8, 2019 Information contained in this document is strictly

CORPORATE OVERVIEW October 8, 2019 Information contained in this document is strictly confidential 1 CAUTIONARY STATEMENTS This presentation (Presentation), and the information contained herein, is not for release, distribution or

453 views • 31 slides
Corporate Presentation Sep 2019 June 2018 July 2020 Disclaimer This document and the

Corporate Presentation Sep 2019 June 2018 July 2020 Disclaimer This document and the

Corporate Presentation Sep 2019 June 2018 July 2020 Disclaimer This document and the information contained herein have been prepared solely for the purpose of providing general information about Life Settlement Assets PLC (the " Company

641 views • 25 slides
CORPORATE PRESENTATION May 2020 Disclaimer Forward-Looking Statements This document contains

CORPORATE PRESENTATION May 2020 Disclaimer Forward-Looking Statements This document contains

CORPORATE PRESENTATION May 2020 Disclaimer Forward-Looking Statements This document contains forward-looking statements and factual information that are current as of the date the document was originally created. Riverside Resources Inc.

533 views • 24 slides
CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy

CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy

Jens Thonke, EVP, Cyber Security Services Jyrki Rosenberg, EVP, Corporate Cyber Security CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy Family Connected home 2 F-Secure Capital Markets Day 2017

736 views • 19 slides
Corporate Presentation Diggers & Dealers, 2018 This document is for information purposes

Corporate Presentation Diggers & Dealers, 2018 This document is for information purposes

TSX-V: NVO / OTCQX: NSRPF Corporate Presentation Diggers & Dealers, 2018 This document is for information purposes only and is not an offer to sell, nor a solicitation of an offer August 8, 2018 to purchase, any securities. It does not

892 views • 31 slides
CS 5412: LECTURE 6 Ken Birman TIMESTAMPED DATA Spring, 2019

CS 5412: LECTURE 6 Ken Birman TIMESTAMPED DATA Spring, 2019

CS 5412: LECTURE 6 Ken Birman TIMESTAMPED DATA Spring, 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 1 TODAY: DRILL DOWN ON TIME Last time we discussed time more as an active aspect of a coordinated system (one of a few dimensions in

611 views • 42 slides
FY 2019 Q2 Earnings Call May 7, 2019 Agenda TransDigm Overview and Highlights Nick Howley

FY 2019 Q2 Earnings Call May 7, 2019 Agenda TransDigm Overview and Highlights Nick Howley

FY 2019 Q2 Earnings Call May 7, 2019 Agenda TransDigm Overview and Highlights Nick Howley Executive Chairman Operating Performance, Market Review, Kevin Stein Outlook and Esterline Integration President and CEO Financial Results

504 views • 21 slides
Fourth Quarter 2016 Earnings Call February 9, 2017 Dis iscla laim imers Non on-GAAP P

Fourth Quarter 2016 Earnings Call February 9, 2017 Dis iscla laim imers Non on-GAAP P

Fourth Quarter 2016 Earnings Call February 9, 2017 Dis iscla laim imers Non on-GAAP P Fina nancial Mea easures To supplement Bats consolidated financial statements prepared in accordance with accounting principles generally accepted

291 views • 25 slides
Nomura Conference New York - 23 May 2012 LexisNexis Risk Solutions Jim Peck CEO, LexisNexis

Nomura Conference New York - 23 May 2012 LexisNexis Risk Solutions Jim Peck CEO, LexisNexis

Nomura Conference New York - 23 May 2012 LexisNexis Risk Solutions Jim Peck CEO, LexisNexis Risk Solutions Bill Madison CEO, Insurance Solutions FORWARD LOOKING STATEMENTS This presentation contains forward-looking statements within the

294 views • 7 slides
The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response

The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response

The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response Michael Melore, CISSP IBM Cyber Security Advisor @MichaelMelore June 2018 May 2018 May 2018 Threat Hunting Workflow Cognitive Advanced Analytics

443 views • 15 slides
Policy Based Security Management for IPSec Luis A. Sanchez August 25, 1998 Page 1 Page 1

Policy Based Security Management for IPSec Luis A. Sanchez August 25, 1998 Page 1 Page 1

Policy Based Security Management for IPSec Luis A. Sanchez August 25, 1998 Page 1 Page 1 Outline Problems Requirements A Solution Next Step Page 2 Page 2 Problems Need a common security policy specification language

201 views • 6 slides
How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik

How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik

How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik GmbH Introduction R-IT CERT Idea Introduction to ITIL Example Vulnerability Management Lessons Learned How to set up a CSIRT in

380 views • 16 slides
EUDAT AND SECURITY Urpo Kaila, EUDAT Security Officer urpo.kaila@csc.fi, security@eudat.eu WISE W

EUDAT AND SECURITY Urpo Kaila, EUDAT Security Officer urpo.kaila@csc.fi, security@eudat.eu WISE W

EUDAT AND SECURITY Urpo Kaila, EUDAT Security Officer urpo.kaila@csc.fi, security@eudat.eu WISE W orkshop for I nformation S ecurity for E -infrastructures 2015-10-20, Barcelona This work is licensed under the Creative Commons CC-BY 4.0

563 views • 30 slides

More recommend