In today’s corporate environment, CIOs and security managers need to protect information assets such as intellectual property (IP) and personally identifiable information (PII). Key business drivers for data protection include:
- Regulatory compliance;
- Competition in the market;
- Legal and recovery costs associated with breaches; and
- Brand risk.
So how do risk managers address these issues?
A corporate policy can be developed once the data classification and regulatory assessments are complete. This information security policy is a high-level document describing the organization’s governance of data, including executive sponsorship. The policy is then communicated to employees, and training is conducted to educate everyone on how to comply with it.
The ISO 27002 standard is an internationally recognized standard that provides guidance on how organizations can protect IT assets. It is often considered a benchmark that can enable an organization to meet many, if not all, of its security and compliance goals. Other useful standards include ITIL, COBIT, and NIST. These standards, along with detailed procedures, can enhance an organization’s high-level security and compliance policy.
Read more about ensuring security and compliance in your organization. Download the eBook today.