Topic: information security governance and risk management

IT Security Self Assessment Guide

This document provides guidance on applying the IT Security Assessment Framework – establishes five levels of standardized security status and criteria – by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provides control objectives and techniques that can be measured for each area. (100 Pages)

Prioritizing IT Security Investments

This document provides guidance on integrating IT security and IT Investment Management processes. Applying funding towards high-priority security investments supports the objective of maintaining appropriate security controls, both at the enterprise-wide and system level, commensurate with levels of risk and data sensitivity. This paper introduces common criteria against which managers can prioritize security activities to ensure that corrective actions are incorporated into the capital planning process to deliver maximum security in a cost-effective manner. (70 Pages)

A Business Case Framework for Risk Management

This paper introduces a framework to create a business case for corporate risk management decisions – connecting risk management strategies with shareholder value.

Introduction to Common Criteria Scheme (CCS)

This presentation introduces the Common Criteria Evaluation and Certification Scheme, or CCS – an independent evaluation and certification service for measuring the security assurance and functionality claims of Information and Communications Technology (ICT) products and systems. What is it? Why is it important to you?

Security Risk Assessment

This paper discusses security risk analysis – what is security risk analysis? why perform a security risk assessment? how to conduct a security risk assessment? when to perform a security risk analysis?

Risk Analysis using the DuPont model

This whitepaper uses the DuPont Model for risk analysis because this model connects incidents with their potential impact on profitability. To use this model, the reader needs knowledge on accounting and financial reporting, experience with risk scenarios, and how IT is affected.

How Does Visa Secure its Payment System?

This presentation paints a picture of the emerging threats to the worldwide payment processing systems and discusses how a major payment processor – Visa – works to keep its payment network secure from increasingly sophisticated attacks.

Automating ISO 27002

This presentation discusses technologies for implementing ISO 27002 processes and controls – which technologies to use? where to start?

Editor's Picks

Sample IT Strategy Plan

A good IT Strategy Plan that you can use as a template to create your own.

IT Strategy Presentation

This in-depth – 78 pages – presentation goes into just about everything you would have wanted to know about IT Strategy aka business IT alignment (ICT Strategy, IS strategy, IS strategic alignment, IT Alignment, strategic information systems planning (SISP)…)

IT Strategy Example

This is an in-depth information technology strategic planning example that details the process and framework that CIOs can adapt to give direction to their own IT Organizations. Excellent Read!! (200 pages)

IT Strategy Template

Use this template to create an IT strategic plan for your organization – aligning business with IT strategy. IT Strategy Template can be downloaded for free by CIO Index members.

7 Steps to Business and IT Alignment

No business will ever reach the goal of “business and IT alignment”. Should this discourage you from pursuing business and IT alignment? NO! It is a worthy goal to pursue. Indeed, it is a critical one to pursue. You might never reach alignment but you can take steps to get ever closer. This requires a process. Often, we ignore the fact that business and IT alignment is a process. This process does not have a starting point nor does it have an end. It is a series of “learn and do” cycles that incrementally get towards alignment. Let me explain.

CIO Newsletters

Copyright ©  2020  CIO Portal. All rights reserved.