Optimizing corporate Information Security Management in the post-“Heartbleed” world

An optimal business process is defined as a dynamic process that is able to adapt rapidly to the changing environment and maintain satisfactory level of performance directed towards achieving the predefined set of objectives. Corporate information security management is a business process focused on managing risk that can have adverse effects on vital corporate information and related technology and processes. Rapid evolution of information and communication technology (ICT) and ways it is used to collect, analyze and disseminate information carries many opportunities to improve corporate value chain, but also carries uncertainty and new risks. Unexpected flaws were recently discovered in fundamental building blocks of ICT such as OpenSSL challenging methods used to manage corporate information security. In this paper, we will review information security management process focusing on its risk management component and suggest improvements in order to remain proactive. Suggested improvements will cover methods for assessing and measuring risk in the areas of ICT that were hit by unexpected vulnerabilities such as business application development and integration, establishing corporate information security incident response teams, and developing a framework for exchanging information security threat intelligence.