IT Governance, Policy, Procedure and all that stuff….. We don’t need to bother with it do we?

ICTF Conference – Workshop – 2010. Sarah Lawson – IT Coordinator, NPEU, Sarah.lawson@npeu.ox.ac.uk. A mind map of thoughts around IT Governance.


Presentation Transcript


  1. IT Governance, Policy, Procedure and all that stuff….. We don’t need to bother with it do we? ICTF Conference – Workshop – 2010 Sarah Lawson – IT Coordinator, NPEU Sarah.lawson@npeu.ox.ac.uk

  2. A mind map of thoughts around IT Governance
     [Figure: mind map, labelled "IT Governance"]

  3. IT Governance – Why Bother? – some contentious statements
     • Information Security is one of the most important parts of an IT professional's job – we are the gatekeepers of the information held on the systems we support.
     • As IT professionals it is our job to be aware of and adhere to all necessary regulations and good practice relating to the IT systems we support.
     • The risk associated with security incidents concerning data stored on IT systems is so great that all IT staff should be trained in risk management and audit control.
     • Over the coming years there will be an increasing number of regulations, laws and rules that will govern the use of IT. The IT professional will have to be able to know them all!

  4. Some Possible Regulations you may like to – or HAVE to – follow
     • BS ISO/IEC 27001 – Information Technology – Security Techniques – Information Security Management Systems – Requirements
     • BS EN ISO 9000:2005 – Quality Management Systems – Fundamentals and vocabulary
     • NISCC (National Infrastructure Security Co-ordination Centre) – Forensic Readiness planning
     • CESG (Information Assurance arm of GCHQ) – The National Technical Authority for Information Assurance
     • Data Protection Act 1998
     • Freedom of Information Act 2000
     • Environmental Information Regulations 2004
     • Human Rights Act 1998
     • All common law – contract, tort etc.
     • Cabinet Office HMG Security Policy Framework
     • Regulations required by your funding body or sponsor – NHS, MRC, DIMS etc.
     • Good practice guidelines and regulations for your institution
