Information Security, Risk Management
Governance and Audit.
BRIEF
“Information is your organization's most valuable asset, so why not protect it in the same way you protect your physical assets?
Yew Tree Services can help you make the most of your information by making sure it is there when you need it and managed in line with international standards and legislation.”

What is Governance?

The process of Information Security Governance establishes and maintains a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.

By undertaking a series of tasks, businesses can ensure that their governance processes meet the requirements of their business objectives. These tasks can include:

  • Developing an information security strategy to support business strategy and direction.
  • Obtaining senior management commitment and support for information security throughout the enterprise.
  • Ensuring that information security activities are included in the roles and responsibilities of staff throughout the enterprise.
  • Ensuring that information security activities are supported by reporting and communication channels that are both effective and clearly understood.
  • Identifying current and potential legal and regulatory issues affecting information security and assessing their impact on the enterprise.
  • Establishing and maintaining information security policies that support business goals and objectives.
  • Developing and implementing procedures and guidelines that support information security policies.
  • Ensuring that information security program investments are supported by a sound business case and enterprise value analysis.

Carrying out these tasks requires considerable knowledge, not just about the business itself but about the wider environment in which it operates and about the key concepts of Information Security Management. Concepts at the heart of information security management cover a wide range of business and security issues, including:

  • The relationship between information security and business operations
  • Methods of integrating information security governance into the overall enterprise governance framework
  • Information security steering group function
  • Information security management roles, responsibilities and organizational structure
  • Other areas of governance (for example, risk management, data classification management, network security, system access)
  • Centralized and decentralized approaches to coordinating information security
  • Legal and regulatory issues associated with information management
  • Common insurance policies and imposed conditions (for example, crime or fidelity insurance, business interruption)
  • Requirements for the content and retention of business records and compliance
  • Process for linking policies to enterprise business objectives
  • Function and content of essential elements of an information security program(me) (for example, policy statements, procedures and guidelines)
  • Techniques for developing an information security process improvement model for sustainable and repeatable information security policies and procedures
  • Information security process improvement and its relationship to traditional process management
  • Information security process improvement and its relationship to security architecture development and modeling
  • Information security process improvement and its relationship to security infrastructure
  • Generally accepted international standards for information security management and related process improvement models
  • Key components of cost benefit analysis and enterprise transformation/migration plans (for example, architectural alignment, organizational positioning, change management, benchmarking, market/competitive analysis)
  • Methodology for business case development and computing the enterprise value proposition