Why does a company need to establish & implement a Cybersecurity Program? What's the difference between Cybersecurity Program & ISMS?

Question added by Hemza ATOUB, Sr. CYBER SECURITY Consultant IT/OT Certified IBM QRadar | Arcsight SIEM | ISO 27k1 | ICS | 20 CSC, CONFIDENTIAL
Date posted: 2017/08/08
by Aamir Kundi, Senior Manager Risk & Compliance Mgt (Network & Information Security), PAKISTAN TELECOMMUNICATION COMPANY LIMITED (PTCL)

Cyber Security Programs are needed to:

1. Manage Enterprise Risks, that involves assessing risks to the enterprise and scoping enterprise IT systems to contain those risks and deploy mitigating controls and capabilities.

2. Assess Security, that involves evaluating the security that is currently deployed to assess its effectiveness and comprehensiveness compared to the negotiated business need.

3. Make Improvements, that involves planning improvements to enterprise cybersecurity by deploying or improving technologies and processes.

4. Security Capabilities, are what are delivered by cybersecurity technologies and processes and what enable the enterprise to accomplish its cybersecurity objectives.

5. Security Controls, apply those capabilities to address specific concerns, providing prevention, detection, forensics, or audit of the behavior that is of interest.

6. Operate Cybersecurity, involves operating cybersecurity technologies, processes, capabilities, and controls to deliver cybersecurity to the enterprise.

7. Assess Operations, involves measuring cybersecurity performance to understand what cybersecurity threats are occurring and how well defenses are serving to counter those threats.

8. Report Status, involves reporting cybersecurity status both internally according to internally negotiated frameworks and standards, and externally to regulators, insurers, and other interested parties.

by Mostafa El Shafei, Senior System Administrator, Futurecom

A cybersecurity program is one of a lot of policies and procedures in the ISMS (Information Security Management System), but an ISMS is a set of policies and procedures managing the sensitive data in the organization to minimize risk and ensure business continuity by limiting the impact of a security breach.
