Security Mgt U10, world class security infrastructure

1. business partner trust
2. customer confidence
3. leverage for security programmes
4. mgt attention for deficiencies
5. public recognition
6. efficient, low cost
7. more control for external auditors

1. increasing threats
2. increasing expectations
3. increasing exposure

1. kinds
   1. espionage
   2. sabotage
   3. deception
2. knowledge has become power
   1. power struggles over control of information
3. information has become increasingly available
   1. growth in information brokering

1. growth of diversity
   1. growth in extreme advocates
2. globalisation of IT
   1. terrorists acquire IT capability
   2. terrorism becomes transnational

1. vendors' intrinsic security
2. interoperability, manageability, scalability

1. anticipates problesm
2. avoids single points of failure
3. extends across enterprise
4. flexible
5. continuous improvement
6. long-lasting infrastructure

1. technology
   1. applications
   2. architecture
   3. infrastructure
   4. adopted standards

      Attachments:

      • Security Mgt U10, Be pragmatic about technology standards (chart)
2. people

   Attachments:

   • Security Mgt U10, select appropriate style of guidance (chart)
   1. org structure
   2. roles and responsibilities
   3. culture & attitutdes
   4. skills & training
3. processes
   1. compliance
   2. procedures

1. project
2. value chain
3. asset

Attachments:

• Security Mgt U10, Scope of Incident Response (chart)

1. industry standards
2. assurance processes that build trust across boundaries
3. agreed protocols & strength of mechanisms
4. reconized classification schemes for data, systems and connections
5. consistent user authentication standard
6. common security policy definition language