Burning Tree Consulting Services

Information Security and Information Risk are functions that are dependent on each other. There is no such thing as perfect protection and nor should there be. A fundamental truth is that Risk is a requirement for doing business; an organisation with no Risk is one with the doors closed and the computers unplugged. However, Boards of Directors and Senior Executives want and expect defensible assurances that their information is sufficiently protected. Burning Tree have a position and an approach for applying security appropriately through a control program that is proactive, transparent, Risk-based, measurable and process-oriented.

The basis for formal Security and Risk management is defined through a program. A program allows for continuous improvement while managing Inherent Risks in business systems and IT services. A formal program is measurable, repeatable and survivable and, by its nature, can be optimised. By contrast, security regimes with low levels of maturity tend to be managed in silos with an ad hoc assembly of controls, lacking in transparency, resulting in unacceptable levels of Risk.

Information Risk Management
Information Risk Management is responsible for the coordination and execution of IT and related Information Risks across the organisation. This includes; reporting common Risks across the organisation, ensuring that controls

are enforced and that measurement/reporting requirements are met. The effort of Information Risk Management is to synchronise organisational information and technology initiatives.

Information Security Management
Information Security requires an integrated approach that makes it a part of the organisational culture and a fundamental part of the business processes. Information security leadership must strive to infuse the key components of security (behaviour; business and security process; business systems and technology infrastructure) across the entire organisation. The scope of this challenge requires the establishment of a Strategic Security Program, supported by an effective Security Governance Framework that sets clear responsibilities and accountability, as well as the allocation of appropriate resources.

Select the area of interest from the navigation alongside.