Four Security Principles

Security starts at the beginning of everything that we do. It is not just a Security Team task and needs to be designed and executed End to End (E2E).

The Four Principles

  1. Security by Design E2E, Business and IT: achieved through secure design of business processes, automation in IT, and a culture of discipline, ownership, and craftsmanship in Business Units and IT.
  2. Executing the Security Control Framework, based upon the Security framework, is part of the corporate governance framework and assures us of the effectiveness of controls (Test of Effectiveness).
  3. Security in the mindset of the first line of defense: risk and security are executed and budgeted in the Business Units, strengthening the Business Units to execute their security plan.
  4. Functional reporting lines for monitoring and assurance reporting by the CISO and the Business Managers are in place.