Managerial Primer for Ensuring Information Security

Duration: 60 Minutes
Most enterprises actively seek to maximize stakeholder return on investment and to foster superior customer relations in order to justify their continued existence. Because information technology is considered indispensable to providing processing efficiency, communication expediency, and information reliability for stakeholders, organizations need to adequately safeguard information assets, which have measurable value. To meet this security necessity, management typically requires a governance framework that enables organizational alignment, judicious resource allotment, risk management, value delivery, and performance measurement.
Information Security Governance
Instructor: Robert E. Davis
Product ID: 505562
Objectives of the Presentation
  • Forces affecting ISG
  • Information security principles
  • Information security practices
  • Sound strategic and tactical information risk considerations
  • Three tiers of enterprise governance examination
  • Effectiveness measurement techniques
Why should you Attend
Instituting and sustaining information security governance (ISG) requires comprehensive planning and organizing; robust acquisition and implementation; effective delivery and support; and continuous monitoring and evaluation to address the myriad managerial, operational, and technical issues that can prevent an enterprise from satisfying its declared mission. Consequently, information security requires an adaptive balance between sound management and applied technology: sound management provides assurance that assets are adequately safeguarded, while applied technology introduces efficiencies for addressing external and internal threats.

Information security design, deployment, and assurance require dedication to continuous improvement to ensure optimum effectiveness and efficiency. Confirmed compliance with legislation, regulations, policies, directives, procedures, standards, and rules is what supports an assertion of sound ISG. Monitoring and evaluating the current state of implemented controls may take a variety of forms, including control self-assessments and information technology (IT) audits. The IT auditor need not be the individual who executes an organization's information security internal control review (ICR); however, an IT auditor may subsequently assess that ICR for effectiveness and/or efficiency. In the regulatory arena, a negative finding coupled with prompt corrective action can mitigate civil and criminal enforcement penalties, thereby reducing or avoiding legal risk.

At the end of this session, the speaker will take your specific questions and address any challenges you have had regarding assuring information security.

Areas Covered
  • ISG social responsibility
  • Data protection management
  • Alternative ISG frameworks
  • Organizational structure considerations
  • ISG effectiveness measurement
  • Information security culture
Who will Benefit
  • Audit Committee Members
  • Risk Management Managers
  • External Auditors
  • Internal Auditors
  • Chief Executive Officers
  • Chief Information Officers
  • Compliance Managers
  • Chief Information Security Officers
  • Information Technology Professionals
  • Control Self-Assessment Personnel
Topic Background
Planning and organizing are essential to organizational cohesiveness. ISG usually occurs at different organizational strata: team leaders report to and receive direction from their managers, managers report up to an executive, and the highest-level executive confers with and receives instruction from the entity's oversight committee. Information that indicates deviation from targets will usually include recommendations for action that require endorsement by the oversight layer. Clearly, this approach is ineffective unless strategies, objectives, and goals are first developed and deployed within the entity's organizational structure.

Acquisition and implementation are necessary for adequate information security. Information security solutions must be identified, developed or acquired, implemented, and seamlessly integrated with business and IT processes to realize the information security strategy. During an information security product or service acquisition and implementation cycle, changes and maintenance may be required to sustain continued service quality for the affected systems or processes.

Within an enterprise's organizational structure, acceptable service delivery necessitates an effective support system. Information security service delivery and support may range from deploying operational protection to crisis response training. Assessing changes to, and maintenance of, existing systems is a critical security service component that contributes to delivering value. The need for information protection changes and maintenance can be triggered by problems encountered by users or by deliberate attacks on the established information security architecture.

Usually, a formal ISG program is required to promote the safeguarding of information assets. An ISG program should ensure that gaps in controls do not compromise the information criteria defined by the Control Objectives for Information and related Technology (COBIT) framework: confidentiality, integrity, availability, compliance, and reliability. Therefore, the information security program and its associated systems, processes, and activities need to be regularly assessed for quality and for compliance with defined requirements. Monitoring and evaluating information security underpins the assurances provided or obtained through due care and due diligence, and enables management to fulfil its fiduciary oversight expectations.

Whether ISG is considered a distinct governance classification that supports entity governance or a subset of information technology governance (ITG), safeguarding IT normally mandates addressing separation of duties and 'protection of information assets' to ensure managerial due diligence. Typically, safeguarding information assets translates into ensuring resources are acquired, utilized, and disposed of through proper procedures and approvals. If ISG is misaligned with entity governance and ITG, financial, legal, operational, and reputational risks can escalate beyond demarcated tolerance levels. In fact, a functioning entity's very existence may depend on how well it safeguards the assets utilized in achieving its adopted organizational mission.
Recorded Session for one participant
Get lifetime access with download option.
  $450.00 Training CD
Free shipping within 4 working days of placing the order. Lifetime access for unlimited participants.
  $550.00 Training USB Flash Drive
Free shipping within 4 working days of placing the order. Lifetime access for unlimited participants.
For multiple locations, please contact our customer care team at +1-510-857-5896.
How it works
Live Session - How it works
  • Log in to onlinecompliancepanel with your registered username and password
  • The webinar joining link, username, and password will be posted to your OCP Account 24 hours prior to the webinar
  • Presentation handouts in downloadable PDF format will be posted to your OCP Account 24 hours prior to the live session
  • Log in to the audio conference on the scheduled date and time
  • Get answers to your queries through the interactive Q&A session via chat at the end of the session
  • Download the Certificate of Attendance and Purchase Invoice from your OCP Account 24 hours after the session ends
  • Please let us know your thoughts and views at the end of the webinar; your feedback will help us improve
Recorded Session - How it works
  • Log in to onlinecompliancepanel with your registered username and password
  • Upon purchase of the recorded session, a link will be posted to your OCP Account within 24 hours
  • Click on the link to access the recorded session
  • Presentation handouts in downloadable PDF format will be posted to your OCP Account within 24 hours of purchase
  • Download the Certificate of Attendance and Purchase Invoice from your OCP Account 48 hours after purchase
  • Please share your feedback at the end of the session
Instructor Profile:
Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple University, West Chester University, and Walden University, respectively. During his twenty years in education, Dr. Davis also acquired postgraduate and professional technical licenses in Computer Science and Computer Systems Technology. He obtained the Certified Information Systems Auditor (CISA) certificate after passing the Information Systems Audit and Control Association's rigorous 1988 examination of three hundred and fifty multiple-choice questions, and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to corporations and other organizations, in positions ranging from staff to management. Before engaging in the practice of IS auditing and information security consulting, Robert (as a corporate employee) provided inventory and general accounting services to Philip Morris, USA, and general accounting services to Philadelphia National Bank (Wells Fargo). He also has prior experience as a freelance writer of IT audit and information security training material.