Information Security Management

From Boosting Performance

What is Information Security Management?

The process that ensures customers' security requirements are reflected in the IT services offered.

What does good look like?

Based on ISO 27001

  • Control - Organize the framework
  • Plan - Design policies
  • Implement - Create awareness
  • Evaluate - Perform audits
  • Maintain - Learn and improve

Video of ITIL Information Security Management

Orientation workshop for your organisation

  • Who is the Information Security Manager? Several?
  • Where is an overview of the Information Security policies?
  • How/Where am I involved in this area of work?
  • What deviations do I know about?
  • What can be improved?

Work description, as simple as possible, for a Service Portfolio Manager

  • Plan preventive measures (e.g. Access Management)
  • Plan reductive measures (how to limit the impact)
  • Plan detective measures (monitoring)
  • Plan repressive measures (blocking)
  • Plan corrective measures (rollback and learning)