Information Security Management
Information is the lifeblood of any business operation. Increasingly, vast amounts of sensitive, ‘mission-critical’ data are stored and communicated electronically.
As an experienced Chief Information Security Officer, I know the opportunities and pitfalls.
Unauthorised access or a lapse in security control can lead to serious consequences such as:
- Leakage of confidential company or personal data;
- Disruption to critical business systems;
- Fraud and other financial losses;
- Serious damage to the organisation's reputation.
Managing IT security can be a time-consuming and expensive process. This is especially the case in complex, distributed IT environments, where the administrative and financial cost of maintaining appropriate levels of security can be considerable.
Managing IT security requires a blend of traditional management principles and common sense together with solid technical expertise. I bring this specialised combination of skills and experience to you. More specifically, I address the risk of unauthorised access by:
- defining clear management policy and direction;
- developing security solutions that deal with the highest priority risks to the business;
- standardising security processes wherever possible to avoid inefficiency, reliance on experts, and gaps in protection;
- using the most appropriate security technologies to protect sensitive systems; and
- building security into the IT and organisational infrastructure allowing risky new technology to be deployed quickly and safely.
While it is impossible to achieve 100% security, I help organisations set and achieve realistic objectives as cost-effectively as possible. My information security assessments enable you to devise practical action plans, set improvement targets, develop solid business justifications and win management support and involvement.
Information security is a continuous process that needs constant improvement based on new business needs and newly identified risks. The output of an assessment can be used as input to initiate the Information Security Lifecycle, in which organisational leaders take further action to implement, re-test and improve the maturity of information security management.
My information security management methodology has been developed to help organisations improve core information security management and associated processes that, if ineffective, may be the root cause of many of the identified security exposures. My approach accommodates the transfer of knowledge to professionals who will help to initiate and reinforce good security practices during and after the engagement. My independence gives me the freedom to choose the best technology and resources available. I, Marc, have developed a unique project strategy for information security management solutions. The success of this strategy is founded on four key elements: vision, team, process and technology. My information security policies, standards, procedures, guidelines, implementation and training draw, among others, on:
- ISO 27001 Information Security Management System requirements
- ISO 27002 Security Management Code of Practice
- NIST SP 800 security series
- SABSA security architecture model
- ISACA COBIT audit guidelines
- ISACA Information Security Governance, 2nd edition (co-author)
- IIA GTAG series
- Identity & Access Management: NIST SP 800-103