1. Principles to avoid mistakes
One of the key organizational principles for information systems security is to have a dedicated ICT (information and communication technologies) risk management framework, a dedicated audit and testing plan, and a specific training and awareness program. This also takes into account the need to monitor risks via a dedicated dashboard. Figure 1 illustrates these principles, which concern the implementation of a global governance framework for the management of risks linked to information and communication technologies (ICT), the implementation of a dashboard enabling regular monitoring of these risks, the implementation and monitoring of information system security audit tests, and the monitoring of employee training in information security issues.
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Principles to avoid mistakes
A few words on the technical side
Bibliography
Standards and regulations
- Management de la sécurité du système d'information - ISO 27001 -
- Mesure de la sécurité du système d'information - ISO 27002 -
- gestion des risques liés à la sécurité de l'information - ISO 27005 -
- Lead Cybersecurity Management - ISO 27032 -
- Sécurité des applications - ISO 27034 -
- Gestion des incidents de sécurité de l'information - ISO 27035 -
- Management de...
Directory
Organizations – Federations – Associations (non-exhaustive list)
ANSSI – French Information Systems Security Agency
CESIN – Club of information and digital security experts
...
The Ultimate Scientific and Technical Reference
