
Information Security Management ResourceKit

A Public Service of SecureTheVillage


Information Security Management & Governance

Team Authority, Accountability, and Governance

Team Authority

  • In coordination with the Chief Executive, the Team has the authority to establish information security policies, standards and other materials and to hold staff accountable for compliance.
  • In coordination with the Chief Financial Officer, the Team has the authority to establish budgets, commit resources and direct expenditure of organizational resources.

Accountability and Governance

  • The Team will be held accountable by the Chief Executive (and Board) for implementing the organization’s Information Security Management Program.
  • The Team will meet quarterly with the Chief Executive to review the Information Security Management Program: plans; accomplishments; outcomes; and challenges.

 

Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.


A Few Quotes about High Performance Teams

Trust is knowing that when a team member does push you, they’re doing it because they care about the team. … Patrick Lencioni

Talent wins games, but teamwork and intelligence wins championships. … Michael Jordan

Coming together is a beginning. Keeping together is progress. Working together is success. … Henry Ford

Perfection is not attainable, but if we chase perfection we can catch excellence. … Vince Lombardi

No one is as smart as everyone. … Tom Petzinger

There is no “I” in Team … Anonymous

If everyone is moving forward together, then success takes care of itself. … Henry Ford

 

Contributed by Citadel Information Group

Information Security Management — Seven Critical Success Strategies

Information Security Success Strategies — The Critical Seven

The following seven critical success strategies are vital in implementing a successful formal risk-driven Information Security Management Program.

  1. Put someone in charge. Establish leadership. Information Security Manager / Chief Information Security Officer.
    1. C-Suite and Board Governance
    2. Independent Perspective from CIO or Technology Director
    3. Supported by Cross-Functional Leadership Team
    4. Supported with Subject-Matter Expertise
  2. Implement formal risk-driven information security policies and standards.
  3. Identify, document and control sensitive information.
  4. Train and educate personnel. Change culture.
  5. Manage 3rd-party security.
  6. Manage IT Infrastructure from an “information security point of view” in accordance with standards at least as strong as SecureTheVillage’s Code of Basic Information Security Management Practices.
  7. Be prepared. Incident response. Business continuity planning.

Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.


A Few Quotes about Information Security and Privacy

Distrust and Caution Are the Parents of Security … Benjamin Franklin

The secret of success lies in managing risk, not avoiding it. … Merryle Rukeyser, Financial Journalist / Educator

The number one thing at the Board level and CEO level is to take cybersecurity as seriously as you take business operations and financial operations. It’s not good enough to go to your CIO and say “are we good to go.” You’ve got to be able to ask questions and understand the answers. … Major Gen Brett Williams, U.S. Air Force (Ret) … This Week with George Stephanopoulos, December 2014

Information security is a team sport. … Citadel Information Group

 

Contributed by Citadel Information Group


Copyright © 2023 · SecureTheVillage