News Releases
InfoSecurus, Inc.
P.O. Box 205
Portland, ME 04112
email: info@infosecurus.com
Ph: (207) 514 0599
All RightReserved 2006-2009
InfoSecurus, Inc.
Main > Consulting
Security Management
There are many security-related tasks and challenges that face an organization. Day-to-day management of the security program requires constant focus on measuring, rating, and improving the effectiveness and efficiency of both the control environment and the security program itself. For a regulated industry many of these processes are mandatory. InfoSecurus specialists can assist you through development and support in creating the following security management processes.
- Risk Assessment
- Measurement and Metrics development
- Vendor management consulting
Vendor Management
Every organization relies on external vendors for providing such services… And in the process of providing these services, the vendor may have access to data that is not public in its nature. That’s why an organization must demonstrate due diligence in selecting its vendors and maintaining the relationship. In this process, the following rules apply:
- Your organization may delegate authority, but it may not abrogate responsibility
- The main concern is the data and process integrity and security
A vendor management practice must concentrate its attention around identifying and mitigating the risks associated with external access to data and external processes that may negatively affect the integrity or confidentiality of the company’s data. The regulations, such as the Gramm-Leach-Bliley Act (GLBA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or California Senate Bill 1386, emphasize assurance that customer data is treated as private and any breaches are reported. For regulations such as the Sarbanes-Oxley Act (SOX) and the UK Companies Bill, the emphasis is on corporate governance, so the areas of concern are visibility and security of vendor processes that ultimately provide information used in corporate planning and reporting.
iSecurus Security Management specialists are well versed in current regulations requirements. We can be of assistance to your organization in any stage of the vendor management lifecycle, from program design and inception, to specific vendor evaluation. Please contact consulting@infosecurus.com for more information.