Organizational Processes and their impact to security

Security governance is a process which defines how a decision is made within an organization. This task is accomplished in different ways as per organization culture, management style and other variety of factors.

Inn large organizations the task is much more organized and at times can be more complicated as there are multiple levels of decision makers which are required to be involved. IN small private business and or organizations the decision making process may be as simple as one or two person, who at the end of the day make a decision based on consultation or derived from a personal experience of the decision makers.

In government or public organizations there is a chartered legislative body or a corporation which makes strategic decision based defined policies, procedures, board of directors etc.

Each organization will have its own process for making decision, based on a defined structure, goals, nature of the industry, regulations.

Some companies/organizations create a governance committee, which is a formal body of personnel who recommends and or decisions. Governance committees are mostly required for most non-profit organizations as well. The governance committee recruits and selects board members and determines if the board as a whole and or an individual member(s) are perform in an optimum fashion.

Comments

Post a Comment

Popular posts from this blog

Security Control Frameworks with full details

Image
Security Control Frameworks In formalizing its security governance, an organization might implement a security control framework ; this is a notional construct outlining the organization’s approach to security, including a list of specific security processes, procedures, and solutions used by the organization. The framework is often used by the organization to describe its security efforts, for both internal tracking purposes and for demonstration to external entities such as regulators and auditors. There are a variety of security frameworks currently popular in the industry, each offering benefits and capabilities, usually designed for a certain industry, type of organization, or approach to security. The following list of framework examples is by no means exhaustive or intended to be exclusive; the security practitioner should have a working familiarity with the frameworks on this list, as well as whatever framework is used by their own organization (if any). Some of these framewor...
Read more

Concepts of (CIA) confidentiality, integrity and availability

Image
  CIA Triad explanation: As a security professional or a trainee you need to know CIA (Confidentiality, integrity and availability) down to its core. We will focus on the three key principles as we will now refer them as CIA triad. In the field of information security , we have assets which can be tangible (something you can touch) for example your organization computers, servers, employees, data etc. and non-tangible (something you cannot touch) for example your reputation, your market share, your share or stock value etc. all of these assets requires security and the first thing as a security practitioner you will do is to utilize the CIA principle to assess what level of security you need to apply as per your business, security and compliance requirements. This is true even for data that is stored in any form, be it electronically or in printed hardcopy. It also applies to any systems, mechanisms, techniques used to process/manipulate/store/transmits that data. For CIA examples...
Read more