
Recent Discussions

SOC Formation

Hi everyone...please share anything on this topic "Formation of Security Operation Center"

Mir526 @ 9/20/2016 12:46 PM | Comments (1)

Assigning ownership of IT Assets - need advice

Dear colleagues, In my company we experience serious difficulties with assigning ownership of the b...

Lilia Georgieva @ 8/30/2016 1:45 PM | Comments (5)

How does a Business Analyst support a Cyber Security program with Requirement Gathering

Would anyone be kind enough to advise on how a Business Analyst can support a Cyber Security project mainl...

Abayomi786 @ 7/23/2016 3:39 AM | Comments (0)

Developer Access to Production

What is best practice to trace Developers' Access to Production Environment for any given applicati...

Jothirao @ 7/20/2016 6:19 AM | Comments (5)

IT security place in organizational structure

Hello all, I am interested in the question of your known best practice for the place of IT security in organizat...

Tomas Martinkėnas @ 7/10/2016 1:13 PM | Comments (1)

Return On Security Investment (ROSI)

Hi All, There's a lot of theory thrown around about ROSI. In theory it makes sense. But using these id...

Ross Peachey @ 6/5/2016 7:11 AM | Comments (0)

Aviation Cyber Security Management

I need information about typical organizational structure of information security areas in commerci...

rsabella24 @ 5/29/2016 8:26 AM | Comments (1)

Head of infosec job description

What is the ideal job description for Head of information security to set up a new infosec team in a...

Tarek EL-Sherif @ 5/22/2016 5:50 AM | Comments (2)

Job Description

What is the ideal job description for Head of information security

Tarek EL-Sherif @ 5/22/2016 2:03 AM | Comments (3)

Have we forgotten how to do the basics?

Auditor: "Please show me your CIs for the end-to-end service chain for application XXX (from a...

Phil Green @ 5/5/2016 3:37 AM | Comments (0)

Where did Change Control really start?

We all know change control starts from a request (whether it's a user request or business request),...

ShanShan @ 5/3/2016 1:55 PM | Comments (2)

KPI for IT Control ISO 27002

I am looking for template or any advice from you regarding IT control KPI if functions are distribu...

Tomas Martinkėnas @ 4/26/2016 7:17 AM | Comments (0)

ISO 27001 Internal Audits

ISO 27001 internal audits can be a strain on resource, especially if as Information Security Manage...

Len Shingler @ 4/11/2016 7:08 AM | Comments (2)

Mobile Malware

To what extent is mobile malware a significant threat to enterprises? There's a lot of discussion ab...

Ross Peachey @ 4/11/2016 6:50 AM | Comments (1)

ArcSight Flex connector expert

Hello, I am looking for help with developing categorization for ArcSight Flex connector. If anyone ...

Anita165 @ 3/22/2016 7:55 AM | Comments (0)

RE: SOC Formation

What specifically, Mir? It's a big topic. 

Ross Peachey @ 10/22/2016 3:01 PM

RE: Head of infosec job description

Scope of Info-Sec project will define the job description of your CISO or Head of Info-Sec. Some im...

Mir526 @ 9/19/2016 12:03 PM

RE: Assigning ownership of IT Assets - need advice

Well, Kyle is right on the asset owner & data owner classification...these two may differ as per...

Mir526 @ 9/19/2016 11:53 AM

RE: Assigning ownership of IT Assets - need advice

I agree with Kyle that business needs to understand what data they owe, not forgetting they also ow...

Frank671 @ 9/1/2016 12:34 AM

RE: Assigning ownership of IT Assets - need advice

You're confusing 'Asset Owner' with 'Data Owner'. When it comes to involving the business the focus...

Kyle430 @ 8/31/2016 11:35 AM

RE: Assigning ownership of IT Assets - need advice

Very recognizable, Lilia. Michael, thanks for the good response. In my experience 'ownership' of a syst...

Gilbert van Zeijl @ 8/31/2016 1:36 AM

RE: Assigning ownership of IT Assets - need advice

From my experience with asset control. * laptops and desktops should have their user assigned as the...

Michael137 @ 8/30/2016 2:05 PM

RE: What did CISM do for you?

I am preparing for the CISM exam at the moment. It is challenging and I am very impressed by the gu...

Raj @ 8/29/2016 4:57 AM

RE: Developer Access to Production

Limited access - role to menu mapping should be followed, this way restriction of what is accessibl...

Rama Ramachandran @ 7/21/2016 5:05 AM

RE: Developer Access to Production

I advise to use different accounts for developing and for support work on production environment. S...

Gilbert van Zeijl @ 7/21/2016 2:21 AM

RE: Developer Access to Production

Segregation of duties should be vital to any organization. There have been multiple accounts where ...

modym @ 7/20/2016 6:56 AM

RE: Developer Access to Production

Best Practice is to limit complete access to both environments. Developers should not have access t...

Phil Green @ 7/20/2016 6:33 AM

RE: Developer Access to Production

Best Practice is to limit complete access to both environments. Developers should not have access t...

Peter878 @ 7/20/2016 6:28 AM

RE: IT security place in organizational structure

IT Security should be part of IT Management. Depending on the size of your organisation this could ...

Gilbert van Zeijl @ 7/11/2016 2:20 AM

RE: Where did Change Control really start?

The core of this comes from Process Quality Assurance. To start a process, certain minimum inputs, ...

Don Turnblade @ 6/2/2016 11:53 AM

Security Operation Center Roadmap

Hello, I need your expert help to make a roadmap document for establishing a new security operation...

Elsayed @ 2/18/2015 7:54 AM | Comments (20)

Sending a severe message to everyone

Dear Gentlemen, I have a topic here I need your expert advice on, in a newly formed Information secur...

Elsayed @ 4/27/2015 12:00 PM | Comments (13)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one):

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

Security Operational Center Matrix

Hello guys, I've done a matrix example for SOC activities, I would share it with you and your advic...

Damien643 @ 4/16/2015 9:10 PM | Comments (8)

Why is it so difficult to train the management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance of working towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

D'LionKing @ 8/22/2014 12:41 PM | Comments (7)


Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and h...

REGGIE554 @ 4/20/2015 3:52 PM | Comments (7)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science.. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

If a company wants to donate PC's to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Information Security Governance: Why Is it Not More Pervasive?

I am an avid believer in the concept of information security governance, and I believe this concept...

Eugene510 @ 8/24/2010 1:20 PM | Comments (5)

CISA or CISM which one should I go for?

I am currently pursuing MS in Information Security. I have no work experience. Now I want to do a ce...

Rahul Das @ 6/30/2012 1:35 AM | Comments (5)