Academic journal article ABA Banking Journal

Security Policy and Other "Resiliency" Disciplines

Article excerpt

Some risk management specialists insist that a relevant, truly expertly written security policy reflects an organization's sophisticated approach to operational risk management and gets nested as follows:

1. Operational risk plan (including dashboard of risk indicators for the entire corporation);

A. Business continuity planning (the plan used to ensure that people, processes, and technology can be brought online in the event of a situation; plus any preparation to ensure that the company is in a position to enact said plan);

a. Disaster recovery plan (which zeros in on the technology components and how they will be protected under emergency situations), and finally, as a part of that, Security Policy, which governs the day-to-day use of the IT environment.

Others think of each of these domains as quite separate if interdependent--both in terms of the taxonomy and how they reinforce each other.

Policy better used by the best

Meanwhile, in the broader sense, a "policy movement" is starting to take hold. Late in January, for instance, the IT Governance Institute (ITGI) announced the availability of the COBIT Security Baseline, which includes 39 steps to improve information security and individual information security survival kits for executives, managers, and board members.

"We would argue that the financial services industry is more serious than ever about policy, and 'living documents' are increasingly the norm," notes John Carlson, senior director of BITS, the technical arm of The Bankers Roundtable based in Washington, D. …
