Informational asset security management framework
The importance of establishing the right strategies to ensure the day-to-day availability and protection of the information an organization owns and handles cannot be overstated. Today, organizations depend heavily on information technology to carry out most of their activities. More than ever, it is senior management's responsibility to introduce and maintain a security program based on a management framework adapted to the organization's business reality.
To facilitate the improvement and maintenance of good practices in information asset security and protection, IS relies on a flexible and proven management framework. Because it is generic and builds on the organization's existing strengths, the framework leaves considerable room for adaptation. Other tools can be added to it as needed to reflect current trends and the security best practices the organization wants to adopt. The exercise also facilitates the implementation of a security program that takes into account the organization's human, financial and material resources.
IS's management framework consists of the following modules:
Module 1 – Current situation assessment
This module consists of assessing the current state of information asset protection and defining the scope of the additional interventions required to implement the security program the organization is looking for.
Module 2 – Security organization
This module is designed to identify security objectives based on the organization's mission. Among other things, it classifies the organization's information assets according to their characteristics and relative importance; this classification later serves as the basis for a coherent security policy.
Module 3a – Operational audit (security process analysis)
This module is used to validate the security of a technology environment and to highlight the flaws or weaknesses, whether technical or human, that may compromise the security process.
Module 3b – Risk analysis
This module consists of evaluating the organization's strengths and weaknesses with respect to its capacity to withstand specific risks. The analysis is performed using the recognized methodology or standard best suited to the organization's needs.
Module 4 – Risk management
This module covers the development of an implementation plan for business and operational continuity measures. The plan takes into account the value of the information that needs protection and is aligned with the organization's mission. The recommended corrective measures take into consideration the organization's human, financial, material and technical constraints.
Module 5 – Control and evaluation
This last module provides various effectiveness tests, along with dashboards that enable managers to analyze the situation efficiently.