https://store.theartofservice.com/
The guidance in this Self-Assessment is based on Information Security
Management best practices and standards in business process
architecture, design and quality management. The guidance is also based
on the professional judgment of the individual collaborators listed in the
Acknowledgments.
Notice of rights
You are permitted to use the Self-Assessment contents in your presentations
and materials for internal use and customers without asking us - we are here
to help.
All rights reserved for the book itself: this book may not be reproduced or
transmitted in any form by any means, electronic, mechanical, photocopying,
recording, or otherwise, without the prior written permission of the publisher.
The information in this book is distributed on an As Is basis without warranty.
While every precaution has been taken in the preparation of the book, neither
the author nor the publisher shall have any liability to any person or entity
with respect to any loss or damage caused or alleged to be caused directly or
indirectly by the instructions contained in this book or by the products described
in it.
Trademarks
Many of the designations used by manufacturers and sellers to distinguish
their products are claimed as trademarks. Where those designations appear in
this book, and the publisher was aware of a trademark claim, the designations
appear as requested by the owner of the trademark. All other product names
and services identified throughout this book are used in editorial fashion only
and for the benefit of such companies with no intention of infringement of the
trademark. No such use, or the use of any trade name, is intended to convey
endorsement or other affiliation with this book.
Table of Contents
About The Art of Service 3
Acknowledgments 4
Complete Resources - how to access 4
Purpose of this Self-Assessment 4
How to use the Self-Assessment 5
Information Security Management Scorecard Example 7
Information Security Management Scorecard 8
BEGINNING OF THE SELF-ASSESSMENT: 9
CRITERION #1: RECOGNIZE 11
CRITERION #2: DEFINE: 14
CRITERION #3: MEASURE: 17
CRITERION #4: ANALYZE: 21
CRITERION #5: IMPROVE: 24
CRITERION #6: CONTROL: 27
CRITERION #7: SUSTAIN: 31
Index 33
About The Art of Service
The Art of Service, Business Process Architects since 2000, is
dedicated to helping businesses achieve excellence.
Someone capable of asking the right questions, stepping back and
saying, What are we really trying to accomplish here? And is there a
different way to look at it?
http://theartofservice.com
service@theartofservice.com
Acknowledgments
This checklist was developed under the auspices of The Art of
Service, chaired by Gerardus Blokdyk.
https://store.theartofservice.com
Security Management, based on best practices and standards in
business process architecture, design and quality management.
1 Strongly Disagree
2 Disagree
3 Neutral
4 Agree
5 Strongly Agree
Read the question and rate it with the following in front of mind:
In my belief, the answer to this question is clearly defined.
There are two ways in which you can choose to interpret this statement;
Information Security Management
Scorecard Example
Information Security Management
Scorecard
Your Scores:
BEGINNING OF THE SELF-ASSESSMENT:
SELF-ASSESSMENT SECTION
START
CRITERION #1: RECOGNIZE
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
3. Liability in the event sensitive information is
compromised?
<--- Score
Transfer your score to the Information Security Management Index at the
beginning of the Self-Assessment.
SELF-ASSESSMENT SECTION
START
CRITERION #2: DEFINE:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
1. Scope of application?
<--- Score
access program that is consistent with FISMA
requirements, policy, and applicable NIST
guidelines?
<--- Score
Transfer your score to the Information Security Management Index at the
beginning of the Self-Assessment.
SELF-ASSESSMENT SECTION
START
CRITERION #3: MEASURE:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
networks, using a vulnerability analysis tool, for
security exposures?
<--- Score
Transfer your score to the Information Security Management Index at the
beginning of the Self-Assessment.
SELF-ASSESSMENT SECTION
START
CRITERION #4: ANALYZE:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
analyzed?
<--- Score
Transfer your score to the Information Security Management Index at the
beginning of the Self-Assessment.
SELF-ASSESSMENT SECTION
START
CRITERION #5: IMPROVE:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
2. What is at Risk?
<--- Score
4. Outline the types of risk responses that are
acceptable to the organization (e.g., is risk
transfer/sharing feasible and acceptable at this
facility?)
<--- Score
Transfer your score to the Information Security Management Index at the
beginning of the Self-Assessment.
SELF-ASSESSMENT SECTION
START
CRITERION #6: CONTROL:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
monitoring activities?
<--- Score
Transfer your score to the Information Security Management Index at the
beginning of the Self-Assessment.
SELF-ASSESSMENT SECTION
START
CRITERION #7: SUSTAIN:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
4. We have defined Information Security
Management's KPIs
<--- Score
Transfer your score to the Information Security Management Index at the
beginning of the Self-Assessment.
Index
acceptable 25
acceptance 28
access 2, 4, 11, 15
accomplish 3
achieve 3
activities 28
addition 4
advise 4
affecting 6
Against 27
agenda 25
alleged 1
alongside 18
analysis 5-6, 18
analyze 2, 21-22
analyzed 21-22
analyzing 18
answer 6, 11, 14, 17, 21, 24, 27, 31
answered 12, 15, 18, 22, 25, 28, 32
answering 5
appear 1
applicable 6, 11, 14-15, 28
Architect 3
Architects 3
arrive 18
asking 1, 3
assessment 4, 17, 25
assets 25
assistant 3
attention 6
auspices 4
author 1
Average 6, 12, 15, 18, 22, 25, 28, 32
background 5
barriers 21
beginning 2, 9, 12, 15, 19, 22, 25, 28, 32
belief 6, 11, 14, 17, 21, 24, 27, 31
benefit 1
benefits 31
better 3
Blokdyk 4
breaches 32
business 1, 3, 5, 14-15, 17, 25, 28
businesses 15
capable 3
caused 1
causes 21
chaired 4
challenge 3
Challenges 31
Champagne 4
change 11
changes 18
checklist 4
choose 6
claimed 1
clearly 6, 11, 14-15, 17, 21, 24, 27, 31
client 4
closely 5
collect 22
collection 18
companies 1, 4, 18
company 3
comparison 5
Complete 1-2, 4-5
completed 6
complex 3
comply 11
compute 6
concerns 21
confirm 6
consider 25
consistent 11, 14-15, 28
consultant 3
Contact 3
contacted 4
contained 1
containing 4
Contents 1-2
continuity 14, 28
CONTROL 2, 27
Controls 32
convey 1
conveyed 28
Copyright 1
correct 17, 27
correspond 5
covered 15
creating 3
criteria 5
CRITERION 2, 11, 14, 17, 21, 24, 27, 31
Critical 27, 31
crystal 6
current 17
customers 1
damage 1
decisions 24
dedicated 3
deeper 6
deepest 4
Define 2, 14-15, 21
defined 6, 11, 14-15, 17, 21, 24, 27, 31-32
Defining 3
department 3
described 1
design 1, 4-5
designed 3, 5
designing 3
determine 5
Develop 24
developed 4, 21, 28
devices 11
different 3
directly 1
directors 25
Disagree 5, 11, 14, 17, 21, 24, 27, 31
disaster 14, 28
Divided 12, 15, 18, 22, 25, 28, 32
document 5
documented 18, 21
documents 3, 27
editorial 1
Education 3
electronic 1
elements 4-5
employee 12
empower 3
enough 3
enterprise 17, 24
entity 1
establish 24
evaluation 17, 25
evidence 6
evolution 17
Example 2, 7
examples 3-4
excellence 3
excerpt 1
executive 3, 28
existing 5
Expert 4
explained 5
exposures 18
extent 5
facilitate 5
facility 5, 25
Factors 31
fashion 1
feasible 25
finalized 7
follow 17, 25
following 5-6
format 5
formula 6
Formulate 14
function 28
future 3, 21
Gather 6, 17
Gerardus 4
getting 15
graphs 4
gratitude 4
guidance 1
guidelines 11, 14-15, 28
happens 3
helpful 18
helping 3
humans 3
hypotheses 21
identified 1, 18, 22
identifies 11
identify 5, 21-22
Identity 11
impact 17, 22
impacts 18
Implement 27
IMPROVE 2, 4-5, 24
Imputs 32
incident 12
incidents 32
Included 4
includes 4
in-depth 6
indicators 22
indirectly 1
individual 1
informed 12
initiative 5
Innovate 24
intended 1
INTENT 11, 14, 17, 21, 24, 27, 31
intention 1
interests 22
interfaces 32
internal 1
interpret 6
invaluable 4
involved 24
issued 12
issues 12
itself 1
judgment 1
knowledge 5
Liability 1, 12
limited 5
listed 1
losses 21
Maintain 27
managed 3
Management 1-2, 4-8, 11-12, 15, 17-18, 21-22, 24-25, 27-28, 31-32
manager 3, 5
marketer 3
materials 1
mature 31
measure 2, 5, 17, 22, 24
mechanical 1
mediate 17
meetings 25
monitoring 28
monitors 28
nearest 6
necessary 22
neither 1
network 11
networks 18
Neutral 5, 11, 14, 17, 21, 24, 27, 31
Notice 1
number 12, 15, 18, 22, 25, 28, 32-33
objective 3
objectives 14
obtained 21
obviously 6
official 28
one-time 3
ongoing 27
Operation 18, 31
operations 5
otherwise 1
outcome 6
outcomes 21
Outline 25
Outputs 32
overall 5-6
particular 18
people 3, 12
performed 17
permission 1
permitted 1
person 1
planning 4
points 12, 15, 18, 22, 25, 28, 32
policy 11-12, 14-15, 28
position 24
possible 18, 27
potential 21
practical 24, 27
practice 31
practices 1, 5
precaution 1
prevent 21
printing 4
prioritize 17
probably 18
problem 11, 14
procedures 5
process 1, 3, 5, 17, 28
processes 21
product 1
products 1
program 11, 14-15, 28
project 3-4
protected 27
protection 27
provide 27
provided 4, 6
publisher 1
Purpose 2, 4
quality 1, 5, 18, 21
question 5-6, 11, 14, 17, 21, 24, 27, 31
questions 3-5
quickly 5
really 3
recognise 12
RECOGNIZE 2, 11-12
recording 1
recovery 14, 28
references 33
reflect 28
regular 25
regularly 17
relative 24
remedial 21
remote 14
rephrased 5
report 22
reported 25
reporting 31
reproduced 1
request 25
requested 1
Research 3
reserved 1
Resources 2, 4, 27
respect 1
responded 6
responses 25
result 18
Resulting 18
results 24-25, 28
Retain 31
review 5
reviewed 25
rights 1
roadmaps 15
Scorecard 2, 6-8
Scores 8
scoring 5
second 6
section 6, 12, 15, 18, 22, 25, 28, 32
Security 1-2, 4-8, 12, 15, 17-18, 21-22, 24-25, 28, 31-32
selected 18
sellers 1
sensitive 12
series 5
Service 1-4, 31
services 1, 4
several 4
sharing 25
should 3
single-use 3
situation 17
skills 22
solution 24, 27
Someone 3
standard 3
standards 1, 5
started 4
starting 5
statement 6, 12
statements 6, 12, 15, 18, 22, 25, 28, 32
strategy 28
Strongly 5, 11, 14, 17, 21, 24, 27, 31
subject 25
Success 31
support 3, 25
Surveys 4
SUSTAIN 2, 31
symptom 11
system 5, 15, 18
systems 15, 17
talking 3
templates 3
thankful 4
through 15, 25
throughout 1
Toolkits 3
tracks 28
trademark 1
trademarks 1
Transfer 6, 12, 15, 18, 22, 25, 28, 32
Triggers 32
trying 3
Unless 3
update 17
updating 27
usefully 5
valuable 3
variation 11
Version 33
warranty 1
weaknesses 28
whether 3
within 3, 31
without 1, 6
written 1