Information Security Management ResourceKit

A Public Service of SecureTheVillage

Team Mission, Goals, and Objectives

Team Mission

The Information Security Management & Leadership Team is responsible for managing the organization’s risk-based Information Security Management Program, designed to protect the confidentiality, integrity, and availability of the organization’s information.

The Information Security Management & Leadership Team is also responsible for organizational leadership in creating a cybersecurity culture.

Team Goals

The Information Security Management & Leadership Team has seven goals.

  1. Ethical Responsibility: Manage the security of Information with the recognition that it is the lives and fortunes of our clients and customers, our people, and our community.
  2. Proportionate Risk: Manage the security of Information proportionate to the harm that its loss of confidentiality, integrity, or availability could cause the organization, its clients and customers, its people, and the community.
  3. Commercial Reasonableness: Manage the security of information in a manner that is commercially reasonable for the organization’s particular circumstances: industry, size, nature of information at risk, etc.
  4. Organizational Completeness: Manage information risk across the entire organization, to also include 3rd-parties and vendors.
  5. Minimize Operational Impact: Manage the security of Information in ways that minimize the impact on operations and staff productivity.
  6. Cost-Effectiveness: Manage the security of information to minimize the organization’s Total Cost of Information Security. SM
  7. Continuous Improvement: Continuously improve the organization’s ability identify and respond to (i) changes in the organization’s risk profile resulting from changes in the threat environment, laws and regulations, and contracts; (ii) the availability of new and improved countermeasures; and (iii) discovered weaknesses in existing countermeasures.

Team Objectives

The Information Security Management & Leadership Team is to

  1. Establish and maintain Information Security Policies and Standards to guide the organization in securing information.
  2. Ensure staff are provided awareness training, education and organizational leadership in creating a cybersecurity culture.
  3. Ensure IT security management conforms to organizational standards and commercially-reasonable practices.
  4. Maintain commercially reasonable assurance that vendors and 3rd-parties with whom information is shared properly protect that information.
  5. Ensure information resilience: the organization’s ability to detect and recover from security incidents and interruptions, and its ability to restore normal operations.
  6. Provide staff with information security tools (e.g., password management tools).
  7. Work with the Finance Department to manage the risk of online bank fraud.
  8. Ensure the organization is in compliance with laws, regulations and contractual agreements.
  9. Coordinate the organization’s use of cyber-insurance as a risk management vehicle.
  10. Support business development, primarily in response to inquiries from prospects and clients about our information security management program.

 

Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.