Security management in organizations with Leonardo Huertas.

April 21, 2016. Chapter 6 of ElevenPaths Talks is about one of the most topical issues in security. Organizations have an increasing number of assets exposed online and a greater need to protect and secure their resources. Leonardo Huertas, CSA of ElevenPaths in Colombia, tells you how to manage corporate security. Find out how!

Corporate insecurity is a topical issue since we are exposed to information security risks on a daily basis. Ideally, we should minimize the risk the organization is exposed to in order to preserve the “security triad” (information confidentiality, integrity and availability).

Most incidents derive from human “oversights.” Efforts must be focused on preventing security incidents by using an Information Security Management System (ISMS). This system consists of a series of management activities that must be carried out through systematic, documented processes which are known by the organization or entity.

Since there is “no 100% secure system,” a security management system seeks to ensure that security risks are known, assumed, managed and minimized by the organization, and that the system can adapt to organizational changes.

Continuous improvement of corporate security is only possible if risks are identified and a series of countermeasures is then implemented as part of a continuous improvement process. Whenever the budget is a concern, correct security management helps to find the right cost/benefit balance in neutralizing threats. This is possible with an advance, appropriate assessment that identifies risks, followed by the implementation of efficient countermeasures and controls.

This Talk addresses the following aspects among others:

  • Basic/general concepts of an ISMS
  • PDCA cycle (plan, do, check, act)
  • Aspects handled by an ISMS
  • Relationship with other regulations

