90 likes | 284 Views
IT Governance, Policy, Procedure and all that stuff….. We don’t need to bother with it do we?. ICTF Conference – Workshop – 2010 Sarah Lawson – IT Coordinator, NPEU Sarah.lawson@npeu.ox.ac.uk. A mind map of thoughts around IT Governance. IT Governance.
E N D
IT Governance, Policy, Procedure and all that stuff….. We don’t need to bother with it do we? ICTF Conference – Workshop – 2010 Sarah Lawson – IT Coordinator, NPEU Sarah.lawson@npeu.ox.ac.uk
A mind map of thoughts around IT Governance IT Governance
IT Governance – Why Bother ?– some contentious statements Information Security is one of the most important parts of an IT Professionals job – we are the gate keepers of the information held on the systems we support. As IT professionals it is our job to be aware of and adhere to all necessary regulations and good practice relating to the IT systems we support. The risk associated with security incidents concerning data stored on IT systems is so great that all IT staff should be trained in Risk management and audit control. Over the coming years there will be an increasing number of regulations, laws and rules that will govern the use of IT. The IT professional will have to be able to know them all!
Some Possible Regulations you may like to – or HAVE to follow • BS ISO/IEC 27001 – Information Technology – Security Techniques – Information Security Management Systems - Requirements. • BS EN ISO 9000:2005 – Quality Management Systems – Fundamentals and vocabulary • NISCC (National Infrastructure Security Co-ordination Centre)- Forensic Readiness planning • CESG (Information Assurance arm of GCHQ) - The National Technical Authority for Information Assurance • Data Protection Act 1998 • Freedom of Information Act 2000 • Environmental Information Regulations 2004 • Human Rights Act 1998 • All common law – contract, tort etc. • Cabinet Office HMG Security Policy Framework • Regulations required by your funding body or sponsor – NHS, MRC, DIMS etc • Good practice guidelines and regulations for your institution.