
Dan Swanson’s Security Resources: #12

Business is about change, and Peter’s change management repository is one of the very best, and certainly well worth regular visits by busy professionals.
Studying what the board is focusing on is always productive, so this week additional board studies are highlighted. Finally, regularly check out the CERT security podcast series: it has had more than 2 million visits since its launch early last year, and CERT continues to expand its repository of learning resources.
Enjoy.
Good luck and have another great week.
Dan Swanson

Dswanson_2005@yahoo.com
Managing Change
There is no management activity more misunderstood, abused and ignored than the act of implementing Change. Some have even suggested that the phrase “Change Management” is an oxymoron. The articles available below have a single purpose, to transform the act of Managing Change from something we dread, to something we approach with skill, insight, wisdom and an increased chance of success.
http://www.technobility.com/docs/menu-managing-change.htm

ISO 27001 CERTIFICATION GUIDES LAUNCHED
IT Governance Ltd has launched the world’s first practical guides to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS7799 and complements ISO 17799). In the modern corporate governance climate, ISO 27001 certification will increasingly become a prerequisite for winning new business, thereby accelerating the transfer of IT security issues from the data room to the boardroom. 

http://www.itgovernance.co.uk/news_detail.aspx?news_id=25


What the Board Needs to Know About IT (The board’s role in leveraging technology as a strategic resource)
In 2006, Deloitte Consulting LLP began a research initiative to explore how boards of directors are approaching information technology (IT). Phase I of this research represents the findings of more than 30 interviews with directors and senior executives. The findings from the Phase I interviews have been captured in the point of view: “What the Board Needs to Know About IT: The Board’s Role in Leveraging Technology as a Strategic Resource.”

You can also download “Bringing IT Into the Boardroom,” which appeared as a supplement to the Fall 2006 issue of Corporate Board Member magazine. Finally, you can learn about the upcoming Phase II research results on the topic of the board and IT by downloading a preview of the survey results, entitled: “Big Conundrum: Phase II Preliminary Findings.”
For more info on the Deloitte initiative, all the above mentioned documents, and “more”, visit: http://www.deloitte.com/dtt/article/0,1002,sid%3D26562%26cid%3D132853,00.html

CERT Launches Podcast Series
The CERT® Program is pleased to announce the launch of its first podcast series, “Security for Business Leaders,” available at http://www.cert.org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations’ existing security program is as effective as possible. New podcasts will be available every two weeks.

The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include “Why Leaders Should Care about Security,” “The ROI of Security,” “Proactive Remedies for Rising Threat,” and “Compliance vs. Buy-in.” Podcasters can listen to entire conversations, download PDF transcripts, and investigate additional references in show notes.
“Security for Business Leaders” is the first podcast series for the SEI.

Information Security Oversight: Essential Board Practices, from the National Association of Corporate Directors (NACD).

Learn four steps each board should adopt to avoid the hazards of leaving information inadequately protected from cyber criminals. Review the questions each board should ask to determine inherent risks. Discover the potential liabilities and other woes that might befall corporate boards and management who show too little involvement in safeguarding the security and privacy of corporate-held information. Lessons include identifying vulnerabilities, mitigating damages, establishing controls, educating officers and employees, and resolving issues. Sponsored by KPMG’s Audit Committee Institute and published in collaboration with the Institute of Internal Auditors and the Critical Infrastructure Assurance Office of the U.S. Department of Commerce.

http://www.nacdonline.org/publications/pubDetails.asp?pubID=138&user=D0888270C5AF46508BEC8472906F87C3
The Language of Compliance
The Language of Compliance is the largest resource (3,500+ entries) for acronyms, terms, and extended definitions. Authored by Dorian Cougias and Marcelo Halpern, it covers the terms found in HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, BCI, BSI, ISSF, and over 100 other regulatory bodies and standards agencies.

http://www.unifiedcompliance.com/index.html


Posted on July 24th, 2008 by Dan Swanson and filed under Business case, Compliance |


Dan Swanson’s Security Resources: #4

My fourth column provides another diverse collection of leading resources.

This week’s question: “How prepared is your organization?” If you have any concerns on the robustness of your disaster recovery, business continuity, and/or your emergency management capabilities, I’d strongly recommend you check out the Canadian Centre for Emergency Preparedness.

Studying for your CISSP? The CCCure.Org web site is the place to go!

Feeling you need to ramp up your security training efforts? Check out ISC2’s comprehensive educational resource guide.

Finally, have you been questioning who is responsible for information security lately? Study the views of an internal auditor.

Enjoy.

Good luck and have another great week.

Dan Swanson
Dswanson_2005@yahoo.com

1. The (ISC)² 2007 Resource Guide for Today’s Information Security Professional - Global Edition provides the latest resources in educational references, year-long events listings and leading industry sponsors all in one handy downloadable reference guide.

2. The Systems Security Engineering Capability Maturity Model (SSE-CMM) was developed to advance security engineering as a defined, mature, and measurable discipline. It describes the characteristics essential to the success of an organization’s security engineering process, and is applicable to all security engineering organizations including government, commercial, and academic.

3. CCCure.Org: The CISSP, SSCP, CISM, CISA, ISSPCS, and SANS GIAC GCFW Open Study Guides Web site is dedicated to helping people achieve their goal of becoming a CISSP, SSCP, CISM, CISA, ISSPCS, or GCFW. Over the years it has become a vast repository of resources that can assist you in mastering the domains of the Common Body of Knowledge related to each of the above certifications.

4. Ask the Auditor: Who is Responsible for Information Security?
The Auditor Responds: In short, the board of directors, management (of both staff and business lines) and internal audit functions all have significant roles in auditing information security. The big question for many companies is how these stakeholders should work together to ensure that everything that should be done to protect sensitive data is being done — and that the company’s key assets are protected appropriately.

5. The Canadian Centre for Emergency Preparedness (CCEP) is a not-for-profit organization based in Canada and devoted to the promotion of emergency risk management to individuals, communities and organizations, in both government and the private sector, with the aim of reducing the risk, impact and cost of natural, human-induced and technological disasters. CCEP’s objectives are to raise awareness of the increasing risks of disasters, promote the need for sound disaster management practices, and disseminate information on the availability of professional expertise and resources, including technology.

6. What Should Your Business Continuity Efforts Focus On?
A Reader Asks: Should your business continuity program (BCP) consider the impacts of emerging threats and changing business practices, and what are the key issues involved today?
The Auditor Responds (Short answer): Your BCP and disaster recovery programs should be designed to respond to a wide variety of potential incidents, covering both man-made disasters, such as power-grid or environmental control failures, and natural disasters, such as hurricanes and mass staff outages due to epidemics.
The long answer: http://www.itcinstitute.com/display.aspx?ID=2090


Posted on May 8th, 2008 by Dan Swanson and filed under Business case, Security |


Securing the security vendor

McAfee Inc.’s chief security officer, Martin Carmichael, dropped in for a quick Toronto visit Tuesday night to kibitz and discuss security with a dozen or so tech journalists. Funny, energetic and obviously straining at his media-trained leash, Carmichael (looking eerily like News Radio’s Stephen Root) covered a lot of ground from the unique perspective of being the chief security officer of a security software company.

Among other things:


Posted on September 19th, 2007 by Dave Webb and filed under Business case, Security, Social engineering |