-- SELECT SPEAKER HERE -- Regie Marie Plana-Alcuaz Azevedo, Inês Marcial R. Batiancila Jody Beenk Lionel E. Buenaflor, PhD Gianina Angela Celine O. Cabanilla P.Chellappandi, PhD | J.P.S.Kumaravel, PhD Lucya Dhamayanti Nolie G. Enem, PhD Julia Gelfand | Anthony Lin Hiroko Honda Margareta Aulia Rachman S. Hum Christine Ianna Mary Ann M. Ingua Lauren P. Kipaan Eimee Rhea C. Lagrama Li Jia, PhD Brendan Luyt, PhD Allan August P. Malig, CISSP Sherwood McCaskie Corazon M. Nera Selina Owen Yona Primadesi Marian S. Ramos-Eclevia Diljit Singh , PhD Y. Sumaryanto Wawta Techataweewan, PhD

Allan August Malig

P.J. Lhuillier Inc., Makati City

An Outsider’s Look at Information Security Management for Libraries and Museums

ALLAN AUGUST MALIG is a Certified Information Systems Security Professional (CISSP) since 2005 and a passer the Certified Information System Auditor (CISA) exam in 2008.A graduate of BS Education major in Social Studies in UP Diliman, Allan started the first 5 years of his ICT Career as an IT instructor and eventually as courseware development supervisor for Systems Technology Institute. He then moved on to Equitable PCI (EPCI) Bank where he helped establish and manage the Technology Training Center of its IT Group. It was in 2001 when he started his Information Security career when he helped establish and manage the Information Security Office of EPCI. In 2004, he moved on to Sun Life Financialas Information Security Manager for its operations in the Philippines, Indonesia, HK, China and India. He also spent two years leading the IT/Security Internal Audit Cluster of Globe Telecoms. From 2008 up to present, he is head of Information Security and IT Governance Division for the PJ Lhuillier Group of Companies where he is tasked with leading all initiatives and operations related to Information Security, Change Management, IT Quality Assurance and Enterprise Business Continuity Planning

Abstract

The paper aims to provide an outsider's perspective on how long established and widely accepted information security management practices can be applied in Libraries and Museums. It includes an overview on basic information security manage-ment concepts, risk assessment approach and practical tips to ensure basic information security hygiene practices are in place. Finally, it provides an overview on ISO 27001-an international standard for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System.