Information Security Management

As key risks are identified, the inevitable question is usually asked:

What do I need in order to improve information security?

Our answer to this question is the Information Security Management Framework.

This framework includes a conceptual architecture for information security. The framework is based on a multi-layer, defence-in-depth model that aligns all activities from governance to technical architecture development. It is built on sound risk management practices and is aligned with external and regulatory requirements.

Each section of the framework contains at least two parts. Key Components are listed together with Key Considerations. This way we highlight not only what has to be included, but also some of the best approaches one might want to take.

The diagram below depicts these two aspects:



The conceptual architecture can be used effectively in conjunction with other frameworks. It can provide valuable input to initial strategy development and serves as the base for implementation planning.


The diagram below presents a conceptual architecture component:



The component color coding on this diagram reflects the priority given to the specific component. Such priority is established in discussion with management, and serves as an input to implementation planning.

Such an approach and framework is beneficial because it

For relevant capabilities please read the Security Architecture and Business Process (Re)Design sections in the Design category here, and the Security Awareness section in the Document Development category here.

If we can assist you in any way, please feel free to contact us for further information. Our consultants will be happy to assist you with your enquiry.
