Recent Discussions

Aviation Cyber Security Management

I need information about typical organizational structure of information security areas in commerci...

rsabella24 @ 5/29/2016 8:26 AM | Comments (1)

Head of infosec job description

What is the ideal job description for Head of information security to setup a new infosec team in a...

Tarek EL-Sherif @ 5/22/2016 5:50 AM | Comments (1)

Job Description

What is the ideal job description for Head of information security?

Tarek EL-Sherif @ 5/22/2016 2:03 AM | Comments (3)

Have we forgotten how to do the basics?

Auditor: "Please show me your CIs for the end-to-end service chain for application XXX (from a...

Phil Green @ 5/5/2016 3:37 AM | Comments (0)

Where did Change Control really start?

We all know change control starts from a request (whether it's a user request or business request),...

ShanShan @ 5/3/2016 1:55 PM | Comments (1)

KPI for IT Control ISO 27002

I am looking for template or any advice from you regarding IT control KPI if functions are distribu...

Tomas Martinkenas @ 4/26/2016 7:17 AM | Comments (0)

ISO 27001 Internal Audits

ISO 27001 internal audits can be a strain on resource, especially if as Information Security Manage...

Len Shingler @ 4/11/2016 7:08 AM | Comments (2)

Mobile Malware

To what extent is mobile malware a significant threat to enterprises? There's a lot of discussion ab...

Ross Peachey @ 4/11/2016 6:50 AM | Comments (1)

ArcSight Flex connector expert

Hello, I am looking for help with developing categorization for ArcSight Flex connector. If anyone ...

Anita165 @ 3/22/2016 7:55 AM | Comments (0)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

What did CISM do for you?

ISACA recently awarded the 30,000th CISM certification. Since its introduction in 2002, the CISM cr...

Marc Vael @ 1/26/2016 7:23 PM | Comments (4)

Disabling Network Accounts

Hello, I am looking for documentation to support a recommendation that a user’s network account sho...

Angela468 @ 1/15/2016 11:04 AM | Comments (5)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

Use Cases for Security Incident Management

Does anyone have (or can point me to) a good set of generic use cases for security incident managem...

Phil Green @ 1/3/2016 5:06 AM | Comments (0)

Data Breaches - this time it's personal!

Although the details in this article are not perfect, it does give a good broad view of what is hap...

Phil Green @ 12/16/2015 1:51 AM | Comments (0)

RE: Aviation Cyber Security Management

Perhaps this document will help. https://www.thalesgroup.com/sites/default/files/asset/document/Tha...

Rendy Fathrullah @ 5/29/2016 9:22 AM

RE: Head of infosec job description

My advice would be to take a look at job board to see what is being asked for in the first instance.

Phil Green @ 5/28/2016 2:33 AM

RE: Where did Change Control really start?

I've come across this - putting proposed changes on an initial "pre-processing" log to de...

Phil Green @ 5/28/2016 2:21 AM

RE: ISO 27001 Internal Audits

I would involve people who do not have any stake in the department that you are auditing. For examp...

Shruti Kulkarni @ 5/25/2016 8:21 AM

RE: Job Description

The ideal Head of Infosec job description is the one that best describes the needs and requirements...

Peter O'Toole @ 5/22/2016 6:40 AM

RE: Job Description

Thanks Andy for your reply, actually I am working in a bank and need to setup a new infosec team, i...

Tarek EL-Sherif @ 5/22/2016 5:21 AM

RE: Job Description

The ideal Head of Infosec job description is the one that best describes the needs and requirements...

Andy772 @ 5/22/2016 3:10 AM

RE: ISO 27001 Internal Audits

Dear Len, I would say, you cannot! During my job as security officer for a large hospital I faced th...

Gilbert van Zeijl @ 4/11/2016 7:23 AM

RE: Mobile Malware

Enterprise is at risk through the mobile vector. Although malware makes a very small part of that r...

Gilbert van Zeijl @ 4/11/2016 7:16 AM

RE: Cyber Security Awareness Program for employees

Examples based on risk management methodologies such as Black Swan, Perfect Storm can be used. It w...

nooruddin @ 2/24/2016 3:46 AM

RE: What did CISM do for you?

I can relate to Gilbert's comments. The 'big picture' perspective that CISM provides is one of the ...

Ross Peachey @ 2/20/2016 4:19 PM

RE: What did CISM do for you?

Thanks all for the interesting discussion, I have the CISA qualification and have been considering ...

Oakwell @ 2/19/2016 3:42 AM

RE: What did CISM do for you?

I decided to go with CISM as I was into more of managerial stream of Information Security concentra...

SakthivelRajan326 @ 2/11/2016 12:40 AM

RE: Cyber Security Awareness Program for employees

Thank you all for the suggestions. I will definitely be incorporating them as I continue to work on...

uvesed @ 2/5/2016 4:09 PM

RE: Cyber Security Awareness Program for employees

Try to make any training and awareness personal.  By this I mean start talking about how to protect...

Graham880 @ 2/4/2016 12:39 PM

Security Operation Center Roadmap

Hello, I need your expertise help to make a roadmap document for establishing a new security operation...

Elsayed @ 2/18/2015 7:54 AM | Comments (20)

Sending a severe message to everyone

Dear Gentlemen, I have a topic here I need your expert advice, in a newly formed Information secur...

Elsayed @ 4/27/2015 12:00 PM | Comments (13)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Why is it so difficult to train the management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance to work towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Security Operational Center Matrix

Hello guys, I've done a matrix example for SOC activities, I would share it with you and your advic...

Damien643 @ 4/16/2015 9:10 PM | Comments (8)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

D'LionKing @ 8/22/2014 12:41 PM | Comments (7)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

CISM CERT

Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and h...

REGGIE554 @ 4/20/2015 3:52 PM | Comments (7)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

If a company wants to donate PCs to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Information Security Governance: Why Is it Not More Pervasive?

I am an avid believer in the concept of information security governance, and I believe this concept...

Eugene510 @ 8/24/2010 1:20 PM | Comments (5)

CISO Job Description

I am looking for sample/examples of other healthcare facilities Chief Information Security Officer,...

Lisa850 @ 11/17/2014 12:34 PM | Comments (5)