Question

The book identifies a basic information security manager’s checklist (page 30). Please locate and identify an information security manager’s checklist, which is more in-depth and detailed than the one found in the textbook.

• Why is a well defined information security manager's checklist an asset to an organization?

Answer 1

Why a well-defined information security manager's checklist an asset to an organization:

It in general and overall, helps the busy security managers to complete their projects, processes, daily tasks, activities, responsibilities, assigned job, etc, quickly, easily, effectively, and efficiently. The daily checklist sets a basis for the rest of the reoccurring action items and problems identifying them over time and calls for diagnostic service, do a root cause analysis figuring out what happened, how long this been happening, and when it even started. It is a document set as a record indicating and supporting due diligence actions. This is required as an asset for the organization's safety, as a proof in case the organization is brought to court, or filed for a lawsuit to have been failed to maintain data- its, its employees', its clients', and customers' data properly.

It in general, helps information security manager, the IT Support team's operations or specifically the information security team in the organization to see if they run their operations and functions without any glitches, be resilient in the case of incidents and events, prevent, detect, repair, and restore from incidents and events in its daily operations for business.

It helps the information security manager to strategically monitor daily actions frequently requesting for status reports from the systems in the organization such as- total number of users logged on to their machines, systems, services, network, etc; resource load on applications, network, servers, etc; audit log size, etc. It also helps the organization's business to identify, assess, and manage information security risks. Based on this, it helps the security team to choose the security measures appropriate for the organization's business requirements.

It in general, helps the management and organizational information security to be in place. From the information security policy perspective, it ensures the organization's business has approved and published information security policies guiding and providing support for information security abiding their business requirements and relevant laws and regulations and these policies are regularly reviewed for updates, changes, and ensuring they are followed and requirements are met.

From the organization's information security responsibility perspective, it ensures the company's business has defined and allocated information security responsibilities and has a framework established coordinating and reviewing the implementation of information security.

From an outsourcing perspective, it ensures the organization's business has written agreements in place with all of its third party service providers, vendor companies, partners, and processors ensuring the personal data they hold and access, and process on the organization's behalf is protected and secure.

From the organization's staff and information security awareness perspective, it ensures they are provided with proper training and awareness for the same. It ensures the organization's business conducts regular information security awareness training for all staff, including temporary, substitute employees or workers, or contracted employees, ensuring everyone related are aware of and fulfill their respective responsibilities.