Dan Swanson’s Security Resources: #12
Business is about change, and Peter’s change management repository is one of the very best, and certainly well worth regular visits by busy professionals.
Studying what the board is focusing on is always productive, and this week additional board studies are highlighted. Finally, regularly check out the CERT security podcast series: it has had more than 2 million visits since its launch earlier last year, and they continue to expand their repository of learning resources.
Enjoy.
Good luck and have another great week.
Managing Change
There is no management activity more misunderstood, abused and ignored than the act of implementing Change. Some have even suggested that the phrase “Change Management” is an oxymoron. The articles available below have a single purpose, to transform the act of Managing Change from something we dread, to something we approach with skill, insight, wisdom and an increased chance of success.
http://www.technobility.com/docs/menu-managing-change.htm
ISO 27001 CERTIFICATION GUIDES LAUNCHED
IT Governance Ltd has launched the world’s first practical guides to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS7799 and complements ISO 17799). In the modern corporate governance climate, ISO 27001 certification will increasingly become a prerequisite for winning new business, thereby accelerating the transfer of IT security issues from the data room to the boardroom.
http://www.itgovernance.co.uk/news_detail.aspx?news_id=25
What the Board Needs to Know About IT (The board’s role in leveraging technology as a strategic resource)
In 2006, Deloitte Consulting LLP began a research initiative to explore how boards of directors are approaching information technology (IT). Phase I of this research represents the findings of more than 30 interviews with directors and senior executives. The findings from the Phase I interviews have been captured in the point of view: “What the Board Needs to Know About IT: The Board’s Role in Leveraging Technology as a Strategic Resource.”
You can also download “Bringing IT Into the Boardroom,” which appeared as a supplement to the Fall 2006 issue of Corporate Board Member magazine. Finally, you can learn about the upcoming Phase II research results on the topic of the board and IT by downloading a preview of the survey results, entitled: “Big Conundrum: Phase II Preliminary Findings.”
For more info on the Deloitte initiative, all the above mentioned documents, and “more”, visit: http://www.deloitte.com/dtt/article/0,1002,sid%3D26562%26cid%3D132853,00.html
CERT Launches Podcast Series
The CERT® Program is pleased to announce the launch of its first podcast series, “Security for Business Leaders,” available at http://www.cert.org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations’ existing security program is as effective as possible. New podcasts will be available every two weeks.
The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include “Why Leaders Should Care about Security,” “The ROI of Security,” “Proactive Remedies for Rising Threat,” and “Compliance vs. Buy-in.” Podcasters can listen to entire conversations, download PDF transcripts, and investigate additional references in show notes.
“Security for Business Leaders” is the first podcast series for the SEI.
Information Security Oversight: Essential Board Practices, from the National Association of Corporate Directors (NACD).
Learn four steps each board should adopt to avoid the hazards of leaving information inadequately protected from cyber criminals. Review the questions each board should ask to determine inherent risks. Discover the potential liabilities and other woes that might befall corporate boards and management who show too little involvement in safeguarding the security and privacy of corporate-held information. Lessons include identifying vulnerabilities, mitigating damages, establishing controls, educating officers and employees, and resolving issues. Sponsored by KPMG’s Audit Committee Institute and published in collaboration with the Institute of Internal Auditors and the Critical Infrastructure Assurance Office of the U.S. Department of Commerce.
The Language of Compliance
The Language of Compliance is the largest (3,500+ entries) resource for acronyms, terms, and extended definitions. Authored by Dorian Cougias and Marcelo Halpern, it covers the terms found in HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, BCI, BSI, ISSF, and over 100 other regulatory bodies and standards agencies.
http://www.unifiedcompliance.com/index.html
