Managing information security

The Canvas Method has two instruments for this:

• the Performance Evaluation Canvas

• the Risk Management Maturity Board

Together, they can be used to manage information security.

The Risk Management Maturity Board is displayed in a central location within the organization and shows the progress made in the implementation, documentation, and evaluation of measures. In the first column, the Objectives are listed as established for the information security policy. In the second column, the key measures for each objective for the current cycle are recorded.

The following columns provide space to indicate:

• whether a policy has been established for the measure (with a reference to the document)

• the date the measure has been or will be implemented (“Go Live Date”)

• when the most recent effectiveness assessment was conducted, with a reference to the report

• when the most recent evaluation took place, with a reference to the report

• which improvements have been identified for the next cycle.