Information security within an organization is the responsibility of its senior management. The IT Department of course plays an important role in implementing and maintaining security mechanisms. However, information security is a strategic consideration that cannot be the exclusive responsibility of the IT Department, for the following reasons:
- Your IT team cannot, on its own, identify your informational assets, measure the degree of importance they have for the organization and decide which measures are appropriate to protect them. These considerations are strategic in the sense that they directly affect your organization's operational capacity.
- Senior management must also be involved in developing and implementing the organization's security policies and guidelines. The protection of your informational assets does not depend only on technological tools, but also on the rules established for your employees, suppliers, clients and other parties.
- An increasing number of laws and regulations set requirements regarding information security, and your organization's senior management is accountable for meeting them. The most commonly cited are:
- An Act respecting Access to documents held by public bodies and the Protection of personal information, R.S.Q., chapter A-2.1
- Public Administration Act, R.S.Q., 2005, chapter A-6.01
- An Act to establish a legal framework for information technology, P.L.Q. 161, 2001, c.32
- Civil Code of Québec, S.Q., 1991, c. 64 (art. 35 to 41)
- An Act to amend various legislative provisions as regards the disclosure of confidential information to protect individuals, S.Q. 2001, c. 78
- Standards, approaches and methodologies:
- ISO 17799 (since renumbered ISO/IEC 27002)
- TCSEC
- ITSEC
- NIST
- SO
- MÉHARI
- COBIT
- CMM
- EBIOS
- Octave
- ITIL
- etc.
Considering the above, responsibilities pertaining to information security must be clearly defined:
- Your organization's senior management must take the lead regarding information security, in the broad sense of the word;
- Your IT Department, for its part, is responsible for implementing the technological tools needed to ensure information security, in compliance with the directions set by senior management.