Governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise's resources are used responsibly.
Information security governance consists of the leadership, organizational structures and processes that safeguard information.
IT governance is critical due to a number of factors:
- Business managers and boards demanding a better return from IT investments.
- Concern over the increasing level of IT expenditure.
- The need to meet regulatory requirements for IT controls.
- IT governance initiatives that include adoption of control frameworks and good practices to help monitor and improve critical IT activities to increase business value and reduce business risk.
- New sourcing practices: Sourcing practices relate to the way in which your organization obtains the information security functions required to support the business. Delivery of these functions can be insourced, outsourced (e.g. cloud computing) or hybrid.
Security is a relatively new area of governance for most organizations. It can be complicated for newcomers to IT. Our objective is to help you make well-informed decisions about many important components of security governance, such as developing policies and procedures, risk management,
CKSS serves as trusted advisor and works alongside your internal team to develop policies, procedures and processes such as:
- High-level Information Security Policy: This is a high-level document that represents the corporate philosophy of an organization. The policy includes statements on confidentiality, integrity and availability.
- Acceptable Usage Policy: This is a comprehensive policy that includes information for all information resources (Hardware/Software, networks, Internet, etc.) and describes the organizational permissions for the usage of IT and information related resources.
- Mobile and Bring Your Own Device (BYOD) Policies: These policies describe the parameters and usage of mobile devices.
- Well-defined Risk Management Framework: CKSS solicits input from all departments of the enterprise regarding the type of data, hardware, software, services, documents and personnel. This aids in data classification and the establishment of baseline controls/safeguards to protect company data. Additionally, CKSS assists in creating a Plan of Action and Milestones to address residual risks.
- Business Resumption Services: CKSS develops process guidelines and deliverables based on industry standards such as NIST SP 800-34, Contingency Planning Guide for Information Technology Systems. Our personnel conduct Business Impact Analysis (BIA); develop Continuity of Operations Plans (COOP)/Business Continuity Plans (BCP) and Contingency Plans/Disaster Recovery Plans (DRP); and test the business resumption process, including test plans and lessons-learned reports. Testing includes tabletop exercises, simulated exercises and operational exercises.
- Incident Response Plan and testing plans: Our security consultant works with you to develop an effective Incident Response Plan based on best practices.
- Cloud Assessment: This offering helps guide decisions regarding outsourcing and third-party services. We clear up misperceptions about cloud computing to ensure you are working with the best cloud service providers.
CKSS helps put structure around how your organization aligns IT strategy with business strategy, ensuring that you stay on track to achieve your strategies and goals, and putting in place sound approaches to measure IT's performance.