Information Security Risk Management Cornerstones
Enterprises must determine how their security controls and architecture align with relevant regulations, business risk, and the security requirements of partners or customers. Most regulations, however, do not offer detailed guidance on which security controls are necessary; they require "best practices" and also require that partners or providers have appropriate security practices. Such clauses are typically too vague to be adequate on their own.
Key Issue: What are the best practices of a successful information security program?
To be effective, five cornerstones are needed for any information security risk management program:
Note: ISO 17799 is a comprehensive set of guidelines offering a code of practice for security management. The objectives of ISO 17799 are to provide a basis for organizational security standards and to enable the establishment of mutual trust among networked sites. Many information security service providers offer services associated with ISO 17799.
As many of the five cornerstone components as possible should be implemented to make the most effective use of limited funding in the information security and business continuity area.