Fri Apr 8 06:51:39 PDT 2016

Management: How does the enterprise manage the information protection program?


Option 1: Use the enterprise security management approach shown in the depiction.
Option 2: Use an externally mandated approach.


IF External requirement MANDATE another approach,
THEN Use the externally mandated approach.
OTHERWISE Use the identified security management approach shown in the depiction..

Security Management
Uses Power and Influence
to Control the Protection Program.
Organizational Governance
Business Processes
Human Actuators & Sensors
Management Processes Elements
Act Management Obs
Yes Policy
Yes Standards
Yes Procedures Yes
Yes Documentation Yes
Auditing Yes
Testing Yes
Yes Technology
Yes Personnel Yes
Incidents Yes
Yes Legal Yes
Yes Physical Yes
Yes Knowledge
Yes Training Yes
Yes Awareness Yes
Yes Organization Yes
Security managed business processes


Enterprises manage by structures involving people with power and influence and organizational elements.

Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved