Recent Discussions

Cybersecurity: What does the board want?

Boards of Directors are taking an increasingly active role in cybersecurity governance. The questio...

Ramakrishna593 @ 2/23/2017 1:04 AM | Comments (0)

Efficiency in Vulnerability Management

How do you ensure vulnerabilities in your organisation are identified and fixed efficiently? I work...

Eliud433 @ 1/17/2017 6:54 AM | Comments (0)

IT Security vs IT Risk

What is the difference between IT Security and IT Risk?

Tarek EL-Sherif @ 1/4/2017 8:30 AM | Comments (11)

Cyber Security Capability Maturity Models

Hello all, I am searching information regarding topic of Cyber Security Capability Maturity Models. C...

Tomejus @ 11/27/2016 3:39 AM | Comments (4)

Information Security Charters?

It was brought to my attention the need to create information security charters for each department...

Raul Dusa @ 10/24/2016 10:40 AM | Comments (6)

SOC Formation

Hi everyone...please share anything on this topic "Formation of Security Operation Center"

Mir526 @ 9/20/2016 12:46 PM | Comments (1)

Assigning ownership of IT Assets - need advice

Dear colleagues, In my company we experience serious difficulties with assigning ownership of the b...

Lilia Georgieva @ 8/30/2016 1:45 PM | Comments (5)

How does a Business Analyst support a Cyber Security program with Requirement Gathering

Would anyone be kind to advise on how a Business Analyst can support a Cyber Security project mainl...

Abayomi786 @ 7/23/2016 3:39 AM | Comments (0)

Developer Access to Production

What is best practice to trace Developers' Access to Production Environment for any given applicati...

Jothirao @ 7/20/2016 6:19 AM | Comments (5)

IT security place in organizational structure

Hello all, I am interested in question of your known best practice of IT security place in organizat...

Tomejus @ 7/10/2016 1:13 PM | Comments (1)

Return On Security Investment (ROSI)

Hi All, There's a lot of theory thrown around about ROSI. In theory it makes sense. But using these id...

Ross Peachey @ 6/5/2016 7:11 AM | Comments (0)

Aviation Cyber Security Management

I need information about typical organizational structure of information security areas in commerci...

rsabella24 @ 5/29/2016 8:26 AM | Comments (1)

Head of infosec job description

What is the ideal job description for Head of information security to set up a new infosec team in a...

Tarek EL-Sherif @ 5/22/2016 5:50 AM | Comments (2)

Job Description

What is the ideal job description for Head of information security

Tarek EL-Sherif @ 5/22/2016 2:03 AM | Comments (3)

Have we forgotten how to do the basics?

Auditor: "Please show me your CIs for the end-to-end service chain for application XXX (from a...

Phil Green @ 5/5/2016 3:37 AM | Comments (0)

RE: IT Security vs IT Risk

A simple question deserves a simple answer: IT Security consists of the controls necessary to addre...

YONGXUN926 @ 1/17/2017 12:43 AM

RE: IT Security vs IT Risk

IT Risk sees that a five place password is a Control in place intended to provide Security and is t...

Don Turnblade @ 1/12/2017 12:51 PM

RE: IT Security vs IT Risk

IT Risk and Information Security do not evaluate risk by similar criteria in all cases. A classic d...

Don Turnblade @ 1/12/2017 12:40 PM

RE: IT Security vs IT Risk

Are there any known legal, regulatory, governance, risk or compliance frameworks actually covering th...

Don Turnblade @ 1/12/2017 12:31 PM

RE: IT Security vs IT Risk

A sample case where the difference is normally present. Does an Information Security team need mana...

Don Turnblade @ 1/12/2017 12:23 PM

RE: IT Security vs IT Risk

A manager needs to comply with practice risks often stemming from a GRC perspective of policy, lega...

Don Turnblade @ 1/12/2017 12:06 PM

RE: IT Security vs IT Risk

The core difference comes from questions of accountability, authority and competency to manage spe...

Don Turnblade @ 1/12/2017 11:52 AM

RE: IT Security vs IT Risk

First of all the IT Security Risk is part of IT Risk Management. IT Risks include security risks of...

Karina520 @ 1/4/2017 2:16 PM

RE: IT Security vs IT Risk

Dears, my issue here that I am looking for a clear and simple answer to explain it to my organizati...

Tarek EL-Sherif @ 1/4/2017 1:18 PM

RE: IT Security vs IT Risk

A simple question deserves a simple answer: IT Security consists of the controls necessary to addre...

Kyle430 @ 1/4/2017 9:43 AM

RE: IT Security vs IT Risk

Is this asking on Standards to identify IT Risks and IT Security Risks? Control Objectives and clo...

Karin007 @ 1/4/2017 9:27 AM

RE: Cyber Security Capability Maturity Models

@Michael137, it is really valuable information for me what you have shared. I see your involvement...

Tomejus @ 12/4/2016 6:20 AM

RE: Cyber Security Capability Maturity Models

Well, if you're looking for a generic process assessment methodology, would recommend just looking ...

Michael137 @ 11/28/2016 9:48 AM

RE: Cyber Security Capability Maturity Models

Thank you, @Michael137, I appreciate that! ISO 33071 is just a more generic process assessment met...

Tomejus @ 11/28/2016 5:45 AM

RE: Cyber Security Capability Maturity Models

Is ISO 33071 dealing with cybersecurity, or just a more generic process assessment methodology?? The...

Michael137 @ 11/27/2016 2:01 PM

Security Operation Center Roadmap

Hello I need your expertise help to make a roadmap document for establishing a new security operation...

Elsayed @ 2/18/2015 7:54 AM | Comments (20)

Sending a severe message to everyone

Dear Gentlemen, I have a topic here I need your expert advice, in a newly formed Information secur...

Elsayed @ 4/27/2015 12:00 PM | Comments (13)

IT Security vs IT Risk

What is the difference between IT Security and IT Risk?

Tarek EL-Sherif @ 1/4/2017 8:30 AM | Comments (11)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Security Operational Center Matrix

Hello guys, I've done a matrix example for SOC activities, I would share it with you and your advic...

Damien643 @ 4/16/2015 9:10 PM | Comments (8)

Why is it so difficult to train the management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance to work towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

CISM CERT

Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and h...

REGGIE554 @ 4/20/2015 3:52 PM | Comments (7)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

D'LionKing @ 8/22/2014 12:41 PM | Comments (7)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

If a company wants to donate PCs to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Information Security Charters?

It was brought to my attention the need to create information security charters for each department...

Raul Dusa @ 10/24/2016 10:40 AM | Comments (6)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)