This survey tracks the adoption of common security frameworks in the enterprise – why do organizations use security frameworks? which security frameworks are preferred? what is the rate of adoption? A good discussion for the CIO to compare their own security framework and strategy.
Topic: IT Security
This presentation introduces information technology governance and information security governance and key concepts related to them – what is IT governance? what is IT security governance? what is the IT security Governance framework? what are some leading practices in implementing IT security governance?
This document provides guidance on applying the IT Security Assessment Framework – establishes five levels of standardized security status and criteria – by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provides control objectives and techniques that can be measured for each area. (100 Pages)
This document provides guidance on integrating IT security and IT Investment Management processes. Applying funding towards high-priority security investments supports the objective of maintaining appropriate security controls, both at the enterprise-wide and system level, commensurate with levels of risk and data sensitivity. This paper introduces common criteria against which managers can prioritize security activities to ensure that corrective actions are incorporated into the capital planning process to deliver maximum security in a cost-effective manner. (70 Pages)
This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate nonproductive controls. It explains the metric development and implementation process and how it can also be used to adequately justify security control investments. The results of an effective metric program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports. (100 pages)
This presentation introduces the Common Criteria Evaluation and Certification Scheme, or CCS – an independent evaluation and certification service for measuring the security assurance and functionality claims of Information and Communications Technology (ICT) products and systems. What is it? Why is it important to you?
This paper discusses security risk analysis – what is security risk analysis? why perform a security risk assessment? how to conduct a security risk assessment? when to perform a security risk analysis?
This presentation discusses information security and compliance risk management – what is it? why do it? – and introduces a framework to implement it in the healthcare industry.
This presentation discusses the imperatives for and the framework and process needed to setup an incident response program.
Arguing that in some organization boundaries between IT Governance, Accounting, BPM and Security Administration are blurring, the author highlights key mega trends driving this convergence and discusses some points to consider when making the move yourself.
A framework for business IT alignment.
A good IT Strategy Plan that you can use as a template to create your own.
This in-depth – 78 pages – presentation goes into just about everything you would have wanted to know about IT Strategy aka business IT alignment (ICT Strategy, IS strategy, IS strategic alignment, IT Alignment, strategic information systems planning (SISP)…)
This is an in-depth information technology strategic planning example that details the process and framework that CIOs can adapt to give direction to their own IT Organizations. Excellent Read!! (200 pages)
Use this template to create an IT strategic plan for your organization – aligning business with IT strategy. IT Strategy Template can be downloaded for free by CIO Index members.
CIOs can use this step-by-step guide to improve business IT alignment.
There are many definitions of IT Strategy. Which one is true?