Abstract – Managing Information Security (InfoSec) within an organization is becoming a very complex task. Currently, InfoSec Assessment is performed by using frameworks, methodologies or standards which consider separately the elements related to security. Unfortunately this is not necessarily effective because it does not take into consideration the necessity of having a global and systemic, multidimensional approach to ICT Security evaluation. This is mainly because the overall security level is only as strong as the weakest link. This chapter proposes a model aiming to holistically assess all dimensions of security in order to minimize the likelihood that a given threat takes advantage of the weakest link. Then a formalized structure taking into account all security elements is presented. The proposed model is based on, and integrates, a number of security best practices and standards that permit the definition of a reliable InfoSec framework. At this point an assessment process should be undertaken, the result of which will be the assurance that InfoSec is adequately managed within the organization. The added value of this model is that it is simple to implement and responds to concrete needs in terms of reliance upon efficient and dynamic evaluation tools and through a coherent evaluation system.
The URI to TrackBack this entry is: https://iglitashi.wordpress.com/2010/04/11/a-security-assurance-model-to-holistically-assess-the-information-security-posture/trackback/