An artefact is any expression of content, or a collection of logically related material, in electronic and/or visual presentation. It includes all forms and descriptions, including written language, models, graphs, charts, objects, architectures and designs, considered as outcomes of intellectual effort.
When a company embarks upon the journey of establishing robust Security Governance, it will ensure that its vision, goals and strategy are embedded in and supported by the Enterprise Security Program (ESP). In turn, the ESP develops Intellectual Capital that will include the rules through which management directs security to be implemented, complied with and maintained. Furthermore, the requirements should be derived directly from business needs and aligned with corporate strategic drivers. Besides their very important role of protecting corporate information, corporate governance controls must be developed to ensure the confidentiality and privacy of the information being collected, processed, stored or entrusted by clients to an organization.
Intellectual Capital is defined as any outcome of security-related intellectual effort, written or visual, and is a reusable form of content that has sustainable and internal value to an enterprise. Developed artefacts will translate the applicable legislative and regulatory requirements along with the applicable industry standards.
By developing security artefacts, your company will ensure employees have a common body of knowledge that clearly states what is expected from them and how to secure the information. Effective Security Governance will ensure corporate compliance with regulatory or legal requirements along with effective enforcement of contractual obligations and pragmatic security risk management.
RSS Inc. offers an Intellectual Capital Development Service that caters to our clients' needs. Our seasoned professionals have developed Security Governance artefacts in various industry sectors, from conceptual to implementation stages, and these artefacts are in full compliance with the requirements applicable to our clients' industries.
The required Security Governance artefacts encompass the following:
Policies: high-level documents that represent the corporate philosophy and strategic thinking of senior management and the business process owners.
Standards: derived from the policy, they define specific, measurable statements that can be used to subsequently verify compliance with Security Governance. Standards are compulsory and are implemented throughout an organization for uniformity.
Procedures: embody the detailed steps that are followed to perform a specific task. Procedures are very detailed and linked to a certain technology, business application or process, and consist of step-by-step instructions that explain what the user shall do to implement and comply with the policy and standards.
Guidelines: refer to the methodologies of security systems, business processes, etc., but are only recommended actions and are not compulsory. Guidelines are more flexible than standards and take into consideration the varying nature of business
Rules: within the context of safety and governance, rules are to be written and published to ensure conduct and work accomplishment.
Security Governance artefacts are developed, implemented and maintained by building upon and customizing the following industry-recognized governance body of knowledge (i.e. frameworks, legislation, regulations, standards and best practices):
ISO27001 Information Security Management System Specification
ISO27002 Code of Practice for Information Security Management (old ISO17799)
ISO27005 ISMS Risk Management
IT Governance Institute and Information Systems Audit and Control Foundation Control Objectives for Information Technology (COBIT v.4.1)
Information Technology Infrastructure Library (ITIL v.3)
Canadian Institute of Chartered Accountants Information Technology Control Guidelines (CICA)
Payment Card Industry Data Security Standard (PCI-DSS)
Personal Information Protection and Electronic Documents Act (PIPEDA)
Personal Health Information Protection Act (PHIPA)
Sarbanes Oxley Act (SOX)
Bill 198 and CSA-MI52-109 (C-SOX)
NERC Critical Infrastructure Protection (CIP)
Best Practices (e.g. RCMP, NSA, NIST,
The RSS Inc. team will work in tandem with the client's assigned team throughout the entire engagement, thus ensuring knowledge sharing.
There are times when companies do not have the resources or internal knowledge to develop security governance artefacts.
Engaging RSS Inc. for short-term outsourcing assistance enables companies to utilize seasoned professionals who have played a major role in developing security artefacts in various public and private sector organizations. With this external experience at the table, our clients will be in a position to shorten the information security governance maturing phase.
Successful security governance will help in risk management by minimizing the potential disruptions of business activities, and will deliver value by ensuring that the promised benefits match up against the envisioned strategy.
The RSS Inc. team will provide mid- and long-term plans containing milestones for Intellectual Capital Development.