
Recent Discussions

Looking for examples of Information Security Function and SOC org structure

Dear Colleagues, As you know, Ukraine is being severely hit by cyberattacks. I am currently helping ...

Alexey808 @ 8/7/2017 1:31 PM | Comments (0)

Research on Information Security Management Systems standards and frameworks

Hi, Recently I am carrying out a research for my final year dissertation in Trinity College. The pri...

KAI720 @ 6/13/2017 5:41 AM | Comments (0)

Risk-based Infosec program

I'm currently reviewing the information security function within our organization. I have now the I...

Edzern @ 3/27/2017 9:50 PM | Comments (2)

Transactions SMS customers not performed

What is the information security perspective if the customers reported receiving SMS for transactio...

Tarek EL-Sherif @ 3/12/2017 5:09 AM | Comments (0)

Cybersecurity: What does the board want?

Boards of Directors are taking an increasingly active role in cybersecurity governance. The questio...

Ramakrishna593 @ 2/23/2017 1:04 AM | Comments (1)

Efficiency in Vulnerability Management

How do you ensure vulnerabilities in your organisation are identified and fixed efficiently? I work...

Eliud433 @ 1/17/2017 6:54 AM | Comments (0)

IT Security vs IT Risk

What is the difference between IT Security and IT Risk?

Tarek EL-Sherif @ 1/4/2017 8:30 AM | Comments (11)

Cyber Security Capability Maturity Models

Hello all, I am searching information regarding topic of Cyber Security Capability Maturity Models. C...

Tomejus @ 11/27/2016 3:39 AM | Comments (4)

Information Security Charters?

It was brought to my attention the need to create information security charters for each department...

Raul Dusa @ 10/24/2016 10:40 AM | Comments (6)

SOC Formation

Hi everyone...please share anything on this topic "Formation of Security Operation Center"

Mir526 @ 9/20/2016 12:46 PM | Comments (1)

Assigning ownership of IT Assets - need advice

Dear colleagues, In my company we experience serious difficulties with assigning ownership of the b...

Lilia Georgieva @ 8/30/2016 1:45 PM | Comments (5)

How does a Business Analyst support a Cyber Security program with Requirement Gathering

Would anyone be kind to advise on how a Business Analyst can support a Cyber Security project mainl...

Abayomi786 @ 7/23/2016 3:39 AM | Comments (0)

Developer Access to Production

What is best practice to trace Developers' Access to Production Environment for any given applicati...

Jothirao @ 7/20/2016 6:19 AM | Comments (5)

IT security place in organizational structure

Hello all, I am interested in question of your known best practice of IT security place in organizat...

Tomejus @ 7/10/2016 1:13 PM | Comments (1)

Return On Security Investment (ROSI)

Hi All, There's a lot of theory thrown around about ROSI. In theory it makes sense. But using these id...

Ross Peachey @ 6/5/2016 7:11 AM | Comments (0)

RE: Information Security Management

Hi Tarek, After one year as the Head of Information Security what do you think worked for you to get...

Omar795 @ 7/13/2017 10:39 AM

RE: Information Security Management

Congrats, Tarek! I would like to invite you to participate in a research project 'Exploring the fact...

KAI720 @ 6/16/2017 4:07 AM

RE: Cybersecurity: What does the board want?

This post is an excellent discussion. I recently read the NACD Cyber-Risk Oversight Handbook and h...

Keith158 @ 5/9/2017 10:14 AM

RE: Risk-based Infosec program

Dear Edzern, if you are reviewing your Information security function according to ISO 27001 you wil...

RobinJ. @ 3/28/2017 3:00 AM

RE: Risk-based Infosec program

Dear Edzern, Risk based information security is best practice and a very fundamental starting point ...

Gilbert van Zeijl @ 3/28/2017 2:24 AM

RE: IT Security vs IT Risk

A simple question deserves a simple answer: IT Security consists of the controls necessary to addre...

YONGXUN926 @ 1/17/2017 12:43 AM

RE: IT Security vs IT Risk

IT Risk sees that a five place password is a Control in place intended to provide Security and is t...

Don Turnblade @ 1/12/2017 12:51 PM

RE: IT Security vs IT Risk

IT Risk and Information Security do not evaluate risk by similar criteria in all cases. A classic d...

Don Turnblade @ 1/12/2017 12:40 PM

RE: IT Security vs IT Risk

Are there any known legal, regulatory, governance, risk or compliance frameworks actually covering th...

Don Turnblade @ 1/12/2017 12:31 PM

RE: IT Security vs IT Risk

A sample case where the difference is normally present. Does an Information Security team need mana...

Don Turnblade @ 1/12/2017 12:23 PM

RE: IT Security vs IT Risk

A manager needs to comply with practice risks often stemming from a GRC perspective of policy, lega...

Don Turnblade @ 1/12/2017 12:06 PM

RE: IT Security vs IT Risk

The core difference comes from questions of accountability, authority and competency to managed spe...

Don Turnblade @ 1/12/2017 11:52 AM

RE: IT Security vs IT Risk

First of all the IT Security Risk is part of IT Risk Management. IT Risks include security risks of...

Karina520 @ 1/4/2017 2:16 PM

RE: IT Security vs IT Risk

Dears, my issue here is that I am looking for a clear and simple answer to explain it to my organizati...

Tarek EL-Sherif @ 1/4/2017 1:18 PM

RE: IT Security vs IT Risk

A simple question deserves a simple answer: IT Security consists of the controls necessary to addre...

Kyle430 @ 1/4/2017 9:43 AM

Security Operation Center Roadmap

Hello, I need your expertise help to make a roadmap document for establishing a new security operation...

Elsayed @ 2/18/2015 7:54 AM | Comments (20)

Sending a severe message to everyone

Dear Gentlemen, I have a topic here I need your expert advice, in a newly formed Information secur...

Elsayed @ 4/27/2015 12:00 PM | Comments (13)

IT Security vs IT Risk

What is the difference between IT Security and IT Risk?

Tarek EL-Sherif @ 1/4/2017 8:30 AM | Comments (11)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (9)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Security Operational Center Matrix

Hello guys, I've done a matrix example for SOC activities, I would share it with you and your advic...

Damien643 @ 4/16/2015 9:10 PM | Comments (8)

Why is it so difficult to train the management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance to work towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

CISM CERT

Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and h...

REGGIE554 @ 4/20/2015 3:52 PM | Comments (7)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

D'LionKing @ 8/22/2014 12:41 PM | Comments (7)

Information Security Charters?

It was brought to my attention the need to create information security charters for each department...

Raul Dusa @ 10/24/2016 10:40 AM | Comments (6)

If a company wants to donate PCs to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)