SECURELINK GOVERNANCE

SECURITY POLICY AND FRAMEWORKS

Agencies and organisations need to have a Governance Framework that outlines the high-level policy objectives to be achieved. Business mission statements or objectives will drive this framework with guidance from Australian and International Standards. Security policies are translated into procedural documentation for staff and employees.

SecureLink ensures that the framework incorporates other management plans within the organisation. Plans like emergency, security, crisis management and business continuity planning all facilitate an effectively managed security environment.

SecureLink’s consultants are able to plan, provide, implement and monitor a complete and comprehensive security framework for industry and government.

INFORMATION SECURITY MANAGEMENT SYSTEMS

The ISMS standards suggest a properly defined governance framework is required to ensure that processes are carried out efficiently and effectively.

The focus of the ISMS includes understanding and applying information about the roles and responsibilities, documentation, and ICT Security policies to enable a secure ICT environment for clientele.

SecureLink has successfully developed, implemented and maintains ISMS structures achieving compliance for many clients that have subsequently achieved ISMS Certification to the International Standard (ISO 27001).

SECURITY RISK MANAGEMENT

Risk Management is a methodology for comprehensively and systematically managing risks in an organisation or agency.

The process of Risk Management incorporates the assessment and treatment strategies consistent with recognised standards including:

• ACSI33
• PSM, Part B
• ISO/IEC27001
• ISO/IEC 27005
• AS/NZS 4360 – “Risk Management”

Risk Management Plans are developed to manage risks to systems, sites and organisations, to determine the impact of a proposed change, or to focus on identified high risk areas. The risk management plan framework begins with the establishment of context and assets potentially under threat, follows on to the identification of risks, performs an analysis of these risks, conducts an evaluation and then provides a risk treatment plan aimed specifically at controlling risks to an acceptable level.

BUSINESS CONTINUITY MANAGEMENT

Business Continuity plans are “designed to counteract interruptions to business activities and protect critical business processes from the effects of major failures of information systems.” [ISO/IEC 17799:2005] The business continuity process should be developed from the perspective of reducing the impact a disaster may have upon critical business functions and for restoring these functions in the most effective possible way. These principles are expanded in the BCM Standard ISO 25999.

The benefits of having working and useful Business Continuity are enormous and may range from proactive actions to prevent loss of business functionality, minimising the amount of “downtime” your organisation has in the event of an emergency, the management of uninsurable risks, greater staff involvement in the business and an improvement in company image.

SecureLink is able to analyse, design and document an effective and efficient Business Continuity Strategy for your business by providing consultants that will gain an understanding of your organisation, its business critical processes and management commitment to continued availability, determining the strategy to be adopted, leading to the development of a business continuity management plan, and a test and evaluation period to ensure that plans are effective.

CONTINGENCY PLANS

SecureLink’s consultants utilise their experience to ensure contingency plans are consistent, address information security requirements, and identify the priorities for testing and maintenance. Such plans describe the organisation’s approach to emergency response, business continuity management and disaster recovery.