Information Security Governance & Compliance
Security Governance
"Governance" is the set of policies, processes and
structures by which organizations are directed and controlled. It ensures
good behaviour and protects the interests of stakeholders and the
community at large. Good governance requires an integrated framework for
internal control that includes a suitable risk management framework.
An organization's governance framework must ensure
that it is able to adhere both to laws and regulations, and to its own
policies and structures for control and management of risk. We
can help you ensure you have an appropriate security governance
structure for your organization. We can help you create a security
governance structure, evaluate your current governance model, or help
you execute a security governance strategy.
Compliance
SOX audits, NERC audits, PCI-DSS audits, privacy audits, corporate policy
audits, etc. What is actually mandatory, and isn't it possible to set out what
has to be measured and recorded in a way that lets it be done once? Or is
"Measure once; satisfy many" just a dream?
An integrated security compliance framework can
integrate and harmonize internal and regulatory requirements into one
framework of common controls. This results in a consolidated view of
risk, standardized metrics, and integrated monitoring and compliance
processes, i.e. "Do once; satisfy many."