Your answer was selected as Best Answer
Your Public Answer:
“Hi ....,

For a refined category list of information security controls, I do recommend the ISO 27001 Global Information Security Framework. Here is the list of domains:

1. Security Policy
2. Organization of Information Security
3. Asset Management
4. Human Resources Security
5. Physical and Environmental Security
6. Communications and Operations Management
7. Access Control
8. Information Systems Acquisition, Development and Maintenance
9. Information Security Incident Management
10. Business Continuity Management
11. Compliance
12. Measurement of Metrics

Of course there are more controls under each domain. If you would like to have predefined controls instead of risk-based ones, the PCI framework offers a good list of security controls as well.

And as an answer to your main question, which one is more important... I do believe (like many others who posted on this topic) that the importance is directly related to risks and the business requirements, and there is no single "list". If you define a specific vertical (e.g. health, financial) it might be possible to make some assumptions for a simplified list, but in general it is a very difficult task.

Here is a quick methodology to detect which IT controls are more important than the others...

1. Find out what the information assets are, and determine their value.
2. Run a risk assessment with your choice of methodology. Determine threats, vulnerabilities, impact, probability etc., to get the risk.
3. Run a business requirements analysis, and find out what is important for the business, what the shortcomings of current systems are, compliance requirements, budgets, which systems are desired/in the pipeline etc.
4. Run a gap analysis with the inputs from the risk assessment and the business requirements analysis; this should generate a correct priority list for you.

Let me know if you have any specific questions,

Regards,
- yinal”
Sunday, August 26, 2007
What are the most important IT Controls of organizations?