Recent Discussions

Cyber Alert Levels

Many organisations publish "cyber alert levels" which are intended to represent the sever...

Ross Peachey @ 9/25/2014 6:21 AM | Comments (0)

IT Risk Assessment Service Selection Criteria

I am going to have the consultant to perform a holistic IT risk assessment for the company, what fa...

chungangus @ 9/24/2014 4:28 AM | Comments (3)

IS Security Reporting Structures

Our healthcare organization is reorganizing its overall reporting structures to include IS Security...

grayowl @ 9/23/2014 12:36 PM | Comments (2)

Any standard checking for security process in ITIL

I am reviewing an existing security process in the ITIL framework.  All new services have to go thr...

chungangus @ 9/14/2014 11:21 PM | Comments (2)

Asset based versus holistic information security risk assessment

One of the biggest impacts in the ISO 27001:2013 standard is the omission of the words "asset b...

Koen Béroudiaux @ 9/13/2014 3:40 AM | Comments (3)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

Glory Idehen @ 8/22/2014 12:41 PM | Comments (7)

Security Access Review Scope or Depth Query

Dear All, I think a security access review or identity certification is a common task to examine the...

chungangus @ 8/19/2014 11:05 PM | Comments (4)

Call for Papers and Discount Code for ISACA Ireland Conference on 3rd Oct 2014

Hi Everyone, I'm the chapter president of ISACA Ireland and would like to let members of this topic...

Neil_Curran @ 8/2/2014 12:39 PM | Comments (1)

Outsourcing:- information security as a service

What are the challenges, what should be the scope limitation, how do you enhance privacy of your da...

Simiyu @ 7/23/2014 2:29 AM | Comments (4)

Why is it so difficult to train the management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance to work towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Social Engineering

The idea is to analyze this topic by its different components, information, people and legal consec...

Cristina Ledesma @ 2/17/2014 6:08 AM | Comments (5)

IS Governance

I want to know what techniques / methodologies are used to implement governance in IS, I mean for i...

Cristina Ledesma @ 2/3/2014 5:00 AM | Comments (1)

Content, Frequency and Effectiveness of IT Security Awareness

What suggestions do you have for increasing awareness without resulting in "training" fat...

LJC @ 1/15/2014 10:49 AM | Comments (4)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

Transferring Risk management: ISO27000 to COBIT

Has anyone had experience transferring their existing ISO 27000 risk management into the COBIT fram...

Catherine002 @ 11/3/2013 7:28 PM | Comments (1)

RE: InfoSec models inter-relationship mappings

Thanks Michael. I appreciate it very much

Simiyu @ 10/8/2014 11:13 PM

RE: InfoSec models inter-relationship mappings

The page on the SANS site is here: https://www.sans.org/critical-security-controls The poster is her...

Michael137 @ 10/8/2014 6:59 PM

RE: InfoSec models inter-relationship mappings

Thanks Michael137 for the insights. I wish to get the SANS poster mappings. Can you share a link if...

Simiyu @ 10/7/2014 11:19 PM

RE: InfoSec models inter-relationship mappings

Well, I did a mapping for the group I'm with that combines ISO-27002 with GLBA and SOX.  Another as...

Michael137 @ 10/7/2014 2:56 PM

RE: InfoSec models inter-relationship mappings

In a similar way to COBIT5 goals cascade, the SABSA attributes should be specifically customised fo...

Ross Peachey @ 9/25/2014 5:04 AM

RE: IT Risk Assessment Service Selection Criteria

I agree with the guidelines shared by Miroslav717.

Simiyu @ 9/25/2014 12:05 AM

RE: IS Security Reporting Structures

I agree with Catherine002, the emphasis should be on "organisation-wide responsibility for compl...

Simiyu @ 9/25/2014 12:02 AM

RE: IT Risk Assessment Service Selection Criteria

Thanks for the link, it is informative not just for the risk assessment service evaluation, it's he...

chungangus @ 9/24/2014 9:25 PM

RE: IT Risk Assessment Service Selection Criteria

Hi, This was helpful in my case: http://www.iso27001standard.com/blog/2013/03/25/5-criteria-for-choo...

Miroslav717 @ 9/24/2014 6:18 AM

RE: IS Security Reporting Structures

I'm from a government agency of 1300 employees. 18 months ago IS Security and Records Management wer...

Catherine002 @ 9/23/2014 10:01 PM

RE: Any standard checking for security process in ITIL

ITIL has security management process but it is at an operational level. You can use ITIL as referen...

SKA @ 9/18/2014 6:20 AM

RE: Asset based versus holistic information security risk assessment

The change in risk assessment approach is more to align with ISO31000 on enterprise risk management...

SKA @ 9/18/2014 6:15 AM

RE: Asset based versus holistic information security risk assessment

Good question. I have noticed too that the "asset based" is gone in the new ISO standard....

Marc Vael @ 9/17/2014 4:08 AM

RE: Any standard checking for security process in ITIL

Excellent question and indeed by default the number one remark that security people get when presen...

Marc Vael @ 9/17/2014 3:59 AM

RE: Asset based versus holistic information security risk assessment

I think either process will come to a different approach but the result will be similar as when we ...

chungangus @ 9/14/2014 11:48 PM

Why is it so difficult to train the management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance to work towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

Glory Idehen @ 8/22/2014 12:41 PM | Comments (7)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

If a company wants to donate PC's to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

CISA or CISM which one should I go for?

I am currently pursuing MS in Information Security. I have no work experience. Now I want to do a ce...

Rahul Das @ 6/30/2012 1:35 AM | Comments (5)

Information Security Governance: Why Is it Not More Pervasive?

I am an avid believer in the concept of information security governance, and I believe this concept...

Eugene510 @ 8/24/2010 1:20 PM | Comments (5)

Social Engineering

The idea is to analyze this topic by its different components, information, people and legal consec...

Cristina Ledesma @ 2/17/2014 6:08 AM | Comments (5)

New to IS Management

I have just been given responsibility for Information Security Management within my organisation.  ...

PHolmes @ 6/17/2011 9:47 AM | Comments (4)

Outsourcing:- information security as a service

What are the challenges, what should be the scope limitation, how do you enhance privacy of your da...

Simiyu @ 7/23/2014 2:29 AM | Comments (4)

Security Access Review Scope or Depth Query

Dear All, I think a security access review or identity certification is a common task to examine the...

chungangus @ 8/19/2014 11:05 PM | Comments (4)

Content, Frequency and Effectiveness of IT Security Awareness

What suggestions do you have for increasing awareness without resulting in "training" fat...

LJC @ 1/15/2014 10:49 AM | Comments (4)

Greetings, and A Challenge to Our Members

Greetings to everyone who has joined our group for Information Security Management.  On behalf of I...

David Scott @ 11/16/2011 4:12 PM | Comments (4)

ISO 27001 Policy audits

Hi. For those who have experience of ISO 27001 Accreditation audits can you tell me if the auditors a...

Len Shingler @ 2/21/2013 11:20 AM | Comments (4)

Applying BMIS in practice

BMIS promotes systems thinking dynamic approach which can solve the balance question between pragma...

Marc Vael @ 5/25/2011 5:49 PM | Comments (4)