Page 44 - Cyber Defense eMagazine June 2020 Edition

• ISACA: Information Security “Management Maturity Model”



Managing the Security of Critical Information Assets

Information Security Control Objectives

While the prevailing ‘consumer perspective’ of information security is that it is concerned with protecting the confidentiality of sensitive information.

The control objectives recognize that it is not enough to put all of one’s security resources into protecting information. Information is under stealth attack, and it is only prudent to commit resources to detecting attacks and to ensuring that one can recover from them. And while compliance is linked to the protection, detection and recovery controls, it requires management oversight and corporate resources as well.

Information Security Critical Success Factors

Information security has seven Critical Success Factors which must be implemented if an organization is to meet its information security control objectives.

1. Executive Management Responsibility: Senior management has responsibility for the firm’s information security program, and this program is managed in accordance with the enterprise’s information security policies.

2. Information Security Policies: The enterprise has documented its management approach to security in a way that complies with its responsibilities and duties to protect information.

3. User Awareness Training & Education: Information users receive regular training and education in the enterprise’s information security policies and their personal responsibilities for protecting information.

4. Computer and Network Security: IT staff and IT vendors are securely managing the technology infrastructure in a defined and documented manner that adheres to effective industry information security practices.

5. Physical and Personnel Security: The enterprise has appropriate physical access controls, guards, and surveillance systems to protect the work environment, server rooms, phone closets, and other areas

Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.