This book presents a framework to model the main activities of information security management and governance. The same model can be used for any security sub-domain such as cybersecurity, data protection, access rights management, business continuity, etc.
Table of Contents
Introduction. 1. Governance and Management. 2. Control Framework. 3. Using the Control Framework. 4. Strategy. 5. Policy and Guidelines. 6. Organization. 7. Risk Management. 8. Security Program Management. 9. Reporting. 10. Asset Inventory. 11. Compliance. 12. Metrics and KPI.
Andrej Volchkov is an independent consultant in the field of information security governance and program management. He has more than 30 years of experience as a security program manager and responsible for new technologies and IT change management at Pictet Group, a major financial institution based in Geneva, Switzerland. Within Pictet he was also in charge of compliance projects in the field of data privacy and data protection. Previously, he served as head of information security, compliance, and internal solutions in IT. He was also a project leader likewise responsible for IT architecture and new technologies at Pictet.Andrej is a lecturer at Geneva University in the domain of security governance and management, and invited speaker at some major international conferences. He graduated in Mathematics and IT Technology, holds an MBA from the Geneva School of Economics and Management, and is member of major international IT and security associations.