Provisions and Guidelines for Information Security Management
The “Provisions and Guidelines for Information Security Management” (hereafter “ISM Provisions”) are issued with the objective to further promote and ensure safe and sound practices with respect to Information Security Management (hereafter “ISM”) among the institutions subject to the supervision of the Centrale Bank van Curaçao en Sint Maarten (hereafter “the Bank”).
The objective of ISM is to:
- Maximize the protection of the supervised institution’s information assets;
- Meet regulatory requirements; and
- Minimize potential legal liability and reputational exposures in a cost-effective manner.
In this context, “protection” means:
“Ensuring confidentiality, integrity and availability of information assets”.
Information assets include not only the supervised institution’s data and documents, but also supporting systems and personnel.
In this context, “regulatory obligations” means:
“Complying with regulations set by the Bank, but also international agreements and regulations set by international institutions such as IMF and BIS”.
“Minimize potential legal liability and reputational exposures” means:
“Minimizing breaches of country and international laws, breaches of contracts with third parties and exposures to ethical issues”.
“Cost-effective” means:
“Prioritizing information security investments to areas where it is most needed”.
This can only be determined after a thorough information security risk assessment.
Last updated 09.05.2011 14:54