The Information Security Management & Leadership Team is responsible for managing the organization’s risk-based Information Security Management Program, designed to protect the confidentiality, integrity, and availability of the organization’s information.
The Information Security Management & Leadership Team is also responsible for organizational leadership in creating a cybersecurity culture.
The Information Security Management & Leadership Team has seven goals:
- Ethical Responsibility: Manage the security of information with the recognition that what is at stake is the lives and fortunes of our clients and customers, our people, and our community.
- Proportionate Risk: Manage the security of Information proportionate to the harm that its loss of confidentiality, integrity, or availability could cause the organization, its clients and customers, its people, and the community.
- Commercial Reasonableness: Manage the security of information in a manner that is commercially reasonable for the organization’s particular circumstances: industry, size, nature of information at risk, etc.
- Organizational Completeness: Manage information risk across the entire organization, including third parties and vendors with whom information is shared.
- Minimize Operational Impact: Manage the security of Information in ways that minimize the impact on operations and staff productivity.
- Cost-Effectiveness: Manage the security of information to minimize the organization’s Total Cost of Information Security℠.
- Continuous Improvement: Continuously improve the organization’s ability to identify and respond to (i) changes in the organization’s risk profile resulting from changes in the threat environment, laws and regulations, and contracts; (ii) the availability of new and improved countermeasures; and (iii) discovered weaknesses in existing countermeasures.
The Information Security Management & Leadership Team is to:
- Establish and maintain Information Security Policies and Standards to guide the organization in securing information.
- Ensure staff are provided awareness training, education and organizational leadership in creating a cybersecurity culture.
- Ensure IT security management conforms to organizational standards and commercially-reasonable practices.
- Maintain commercially reasonable assurance that vendors and third parties with whom information is shared properly protect that information.
- Ensure information resilience: the organization’s ability to detect and recover from security incidents and interruptions, and its ability to restore normal operations.
- Provide staff with information security tools (e.g., password management tools).
- Work with the Finance Department to manage the risk of online bank fraud.
- Ensure the organization is in compliance with laws, regulations and contractual agreements.
- Coordinate the organization’s use of cyber-insurance as a risk management vehicle.
- Support business development, primarily in response to inquiries from prospects and clients about our information security management program.
Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.