Managerial Primer for Ensuring Information Security

Duration 60 Mins
Level Basic & Intermediate
Webinar ID IQW19B0233

  • ISG social responsibility
  • Data protection management
  • Alternative ISG frameworks
  • Organizational structure considerations
  • ISG effectiveness measurement
  • Information security culture

Overview of the webinar

Usually, a formal ISG program is required to promote information assets safeguarding. ISG programs should ensure the Control Objectives for Information and related Technology (COBIT) framework confidentiality, integrity, availability, compliance, and reliability information criteria compromise does not occur through gaps in controls. Therefore, the information security program and associated systems, processes, and activities need regular quality and compliance assessments. Monitoring and evaluating information security drives assurances provided or obtained through due care and due diligence as well as enables managerial fiduciary oversight expectations fulfilment. Planning and organizing are essential to organizational cohesiveness.

ISG usually occurs at different organizational strata, with team leaders reporting to and receiving direction from their managers, with managers reporting up to an executive, and the highest-level executive conferring with and receiving instruction from the entity's oversight committee. Information that indicates deviation from targets will usually include recommendations for action requiring endorsement by the entity's oversight layer. Transparently, this approach is ineffective unless strategies, objectives, and goals development and deployment occur first within the entity's organizational structure.

Within an enterprise's organizational structure, providing acceptable service delivery necessitates the installation of an effective support system. Information security service delivery and support may range from operational protection deployment to crisis response training. However, assessing changes in, and maintenance of, existing systems are critical security service components contributing to delivering value. Required information protection changes and maintenance inducement can occur through various problems encountered by users or deliberate attacks on the established information security architecture.

Who should attend?

  • Audit committee members
  • Risk management managers
  • External auditors
  • Internal auditors
  • Chief Executive Officers
  • Chief Information Officers
  • Compliance managers
  • Chief Information Security Officers
  • Information technology professionals
  • Control Self-Assessment personnel

Why should you attend?

Instituting and sustaining information security governance (ISG) requires comprehensive planning and organizing; robust acquisitions and implementations; effective delivery and support; as well as continuous monitoring and evaluation to address the myriad of managerial, operational, and technical issues that can thwart satisfying an enterprise’s declared mission. Consequently, information security requires an adaptive balance between sound management and applied technology. Sound management enables assuring adequate asset safeguarding while applied technology can introduce efficiencies for addressing potential external or internal threats. Information security design, deployment, and assurance require dedication to continuous improvement to ensure optimum effectiveness and efficiency. Whereby, confirmation of compliance with legislation, regulations, policies, directives, procedures, standards, and rules enable asserting superior ISG. Nonetheless, monitoring and evaluating the current state of implemented controls may take a variety of forms; including control self-assessments and information technology (IT) audits. Furthermore, an IT auditor may not be the individual who executes an organization’s information security internal control review (ICR). However, an IT auditor may subsequently assess an ICR for effectiveness and/or efficiency. In the regulatory arena, a negative finding, coupled with prompt corrective actions can mitigate civilly and criminal enforcement penalties, thereby potentially reducing or avoiding legal risks.

Faculty - Mr. Robert E. Davis

Dr. Robert E. Davis, CISA, CICA (an invited Golden Key and Delta Mu Delta member) obtained a Bachelor of Business Administration degree in Accounting and Business Law and a Master of Business Administration degree in Management Information Systems from Temple and West Chester University; respectively. In addition, during his twenty years of involvement in education, Robert acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Robert also obtained the Certified Information Systems Auditor (CISA) certificate — after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls. Robert was awarded the Doctor of Business Administration degree specializing in Information Systems Management by Walden University. 
Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to the United States Securities and Exchange Commission, United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company and Fidelity/First Fidelity (Wells Fargo) corporations as well as other organizations; in staff through management positions.
 

For group or any booking support, contact: