16.06.2009
* How would you describe the different types of information you work with?
* Which types of information do you rely on to make decisions?
* Are there any information types that are more of a concern to keep private than others?
From these questions, an information classification system can be developed (e.g. customer info, financial info, marketing info, etc), and appropriate handling procedures for each can be described at the business process level. (Editor's note: See also Jason Stradley's provocative take on data classification and related issues.)
Of course, a seasoned security professional will also have advice on how to mold management's opinions with respect to security into a comprehensive organizational strategy. Once it is clear that the security professional completely understands management's opinions, it should be possible to introduce a security framework that is consistent with them. The framework will be the foundation of the organization's Information Security Program, and thus will serve as a guide for creating an outline of the information security policy.