Monday, May 3, 2010

What are the CISO's most useful instruments?

So you want to conduct a symphony of information security within your organisation? Well, what are the instruments you will use in your orchestra? I suggest you might want to look for, or plan the creation of, the following:
- audit issue register (lead violin, sometimes a bit too screechy)
- enterprise risk register
- significant business unit risk registers
- compliance requirement register (the timpani)
- mapping of compliance requirements to your Information Security Management System
- control testing management reports and database
- management reporting template
- existing enterprise security plan and perhaps security plans of significant business units
- list of business units by criticality
- list of business processes by criticality within business units
- list of business applications by criticality with function descriptions
- current security budget
- business case template and submission procedures
- document map of ISMS with status of documents within it (approved, under review, drafted, not started)
- organisation chart
- list of security projects with budget and status
- list of business projects by criticality to business success
- enterprise security architecture (well, at least the "zone model", with zones mapped to examples in the existing environment)
- data classification scheme

1 comment:

Shane said...

I'd add "delegation(s) of authority" which will allow decisive sanctioned action when you need to pull the plug on something to contain a problem. And the Business Continuity Plan (at least your section of it!).
