ISAAM - an evaluation model to holistically assess the information security posture & PwC Global Information Security Survey

ISAAM

With Igli Tashi, Ph.D., CISA, PricewaterhouseCoopers / Risk Assurance

Abstract:

Information systems have become a critical element of every organization’s structure. A malfunction of the information and communication technology (ICT) infrastructure can paralyses the whole organization and have disastrous consequences at many levels (e.g., finances and reputation, to name just two). On the other hand, modern businesses and organizations collaborate increasingly with companies, customers, and other stakeholders by technological means. This emphasizes the need for a reliable and secure ICT infrastructure for companies whose principal asset and added value is information. This evaluation model proposes a global and systemic multidimensional integrated approach to the holistic evaluation of the information security posture of an organization. The Information Security Assurance Assessment Model (ISAAM) is based on, and integrates, a number of information security best practices, standards, methodologies and sources of research expertise, in order to provide a generic model that can be implemented in organizations of all kinds as part of their efforts towards better governing their information security.

This approach will contribute to improving the identification of security requirements, measures and controls. At the same time, it provides a means of enhancing the recognition of evidence related to the assurance, quality and maturity levels of the organization's security posture, thus driving improved security effectiveness and efficiency.

The value added by this evaluation model is that it is easy to implement and operate, and that through a coherent system of evaluation it addresses concrete needs in terms of reliance on an efficient and dynamic evaluation tool.

Short Bio:

Igli tashi holds a Ph.D. in Information Systems and a Master of Advanced Studies in Legal Issues, Crime and ICT Security, both from the University of Lausanne. During this period he was involved as an external expert in several projects for public and private organizations and presented lectures on Information Security and Risk for different institutions of higher education. He has authored several research papers published in specialized journals and internationally recognized conferences. He has co-written “Information Security Evaluation: a holistic approach” published by EPFL Press and internationally distributed by CRC press. Igli joined PwC in September 2010 and he has spent most of his time working on IT Security Audits and information security engagements as an active member of PwC’s OneSecurity initiative.

Date: Monday December 12th, 2011, 6:15 pm

Location: Battelle bât A, auditorium ground floor

2 novembre 2011

À la Une