Recent Discussions

Cyber Security Capability Maturity Models

Hello all, I am searching for information regarding the topic of Cyber Security Capability Maturity Models. C...

Tomas Martinkėnas @ 11/27/2016 3:39 AM | Comments (3)

Information Security Charters?

It was brought to my attention the need to create information security charters for each department...

Raul Dusa @ 10/24/2016 10:40 AM | Comments (6)

SOC Formation

Hi everyone...please share anything on this topic "Formation of Security Operation Center"

Mir526 @ 9/20/2016 12:46 PM | Comments (1)

Assigning ownership of IT Assets - need advice

Dear colleagues, In my company we experience serious difficulties with assigning ownership of the b...

Lilia Georgieva @ 8/30/2016 1:45 PM | Comments (5)

How does a Business Analyst support a Cyber Security program with Requirement Gathering?

Would anyone be kind to advise on how a Business Analyst can support a Cyber Security project mainl...

Abayomi786 @ 7/23/2016 3:39 AM | Comments (0)

Developer Access to Production

What is best practice to trace Developers' Access to Production Environment for any given applicati...

Jothirao @ 7/20/2016 6:19 AM | Comments (5)

IT security place in organizational structure

Hello all, I am interested in the question of your known best practice of IT security place in organizat...

Tomas Martinkėnas @ 7/10/2016 1:13 PM | Comments (1)

Return On Security Investment (ROSI)

Hi All, There's a lot of theory thrown around about ROSI. In theory it makes sense. But using these id...

Ross Peachey @ 6/5/2016 7:11 AM | Comments (0)

Aviation Cyber Security Management

I need information about typical organizational structure of information security areas in commerci...

rsabella24 @ 5/29/2016 8:26 AM | Comments (1)

Head of infosec job description

What is the ideal job description for Head of information security to set up a new infosec team in a...

Tarek EL-Sherif @ 5/22/2016 5:50 AM | Comments (2)

Job Description

What is the ideal job description for Head of information security?

Tarek EL-Sherif @ 5/22/2016 2:03 AM | Comments (3)

Have we forgotten how to do the basics?

Auditor: "Please show me your CIs for the end-to-end service chain for application XXX (from a...

Phil Green @ 5/5/2016 3:37 AM | Comments (0)

Where did Change Control really start?

We all know change control starts from a request (whether it's a user request or business request),...

ShanShan @ 5/3/2016 1:55 PM | Comments (2)

KPI for IT Control ISO 27002

I am looking for template or any advice from you regarding IT control KPI if functions are distribu...

Tomas Martinkėnas @ 4/26/2016 7:17 AM | Comments (0)

ISO 27001 Internal Audits

ISO 27001 internal audits can be a strain on resource, especially if as Information Security Manage...

Len Shingler @ 4/11/2016 7:08 AM | Comments (2)

RE: Cyber Security Capability Maturity Models

Well, if you're looking for a generic process assessment methodology, would recommend just looking ...

Michael137 @ 11/28/2016 9:48 AM

RE: Cyber Security Capability Maturity Models

Thank you, @Michael137, I appreciate that! ISO 33071 is just a more generic process assessment met...

Tomas Martinkėnas @ 11/28/2016 5:45 AM

RE: Cyber Security Capability Maturity Models

Is ISO 33071 dealing with cybersecurity, or just a more generic process assessment methodology?? The...

Michael137 @ 11/27/2016 2:01 PM

RE: Information Security Charters?

Hi Raul, I'm curious to know where the original suggestion to create department-specific charters c...

Ross Peachey @ 11/25/2016 5:49 AM

RE: Information Security Charters?

From my perspective, it really has to do with the structure of the organization, so I don't think y...

Raul Dusa @ 10/25/2016 4:34 PM

RE: Information Security Charters?

You would also have a series of documents for your ISMS, that ranges from high level to low, and wi...

Michael137 @ 10/25/2016 11:33 AM

RE: Information Security Charters?

I would not want to see department specific programs, and would ask why you would think they are ne...

Michael137 @ 10/25/2016 11:11 AM

RE: Information Security Charters?

Michael137, do you suggest any guidelines/documents to create department specific programs? I'm cur...

Raul Dusa @ 10/25/2016 10:57 AM

RE: Information Security Charters?

I think someone doesn't understand the purpose of a security charter. The Charter is NOT department ...

Michael137 @ 10/24/2016 3:25 PM

RE: SOC Formation

What specifically, Mir? It's a big topic. 

Ross Peachey @ 10/22/2016 3:01 PM

RE: Head of infosec job description

Scope of Info-Sec project will define the job description of your CISO or Head of Info-Sec. Some im...

Mir526 @ 9/19/2016 12:03 PM

RE: Assigning ownership of IT Assets - need advice

Well, Kyle is right on the asset owner & data owner classification... these two may differ as per...

Mir526 @ 9/19/2016 11:53 AM

RE: Assigning ownership of IT Assets - need advice

I agree with Kyle that business needs to understand what data they owe, not forgetting they also ow...

Frank671 @ 9/1/2016 12:34 AM

RE: Assigning ownership of IT Assets - need advice

You're confusing 'Asset Owner' with 'Data Owner'. When it comes to involving the business the focus...

Kyle430 @ 8/31/2016 11:35 AM

RE: Assigning ownership of IT Assets - need advice

Very recognizable Lilia, Michael thanks for the good response. In my experience 'ownership' of a syst...

Gilbert van Zeijl @ 8/31/2016 1:36 AM

Security Operation Center Roadmap

Hello, I need your expertise help to make a roadmap document for establishing a new security operation...

Elsayed @ 2/18/2015 7:54 AM | Comments (20)

Sending a severe message to everyone

Dear Gentlemen, I have a topic here I need your expert advice, in a newly formed Information secur...

Elsayed @ 4/27/2015 12:00 PM | Comments (13)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

Security Operational Center Matrix

Hello guys, I've done a matrix example for SOC activities, I would share it with you and your advic...

Damien643 @ 4/16/2015 9:10 PM | Comments (8)

Why is it so difficult to train management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance of working towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

D'LionKing @ 8/22/2014 12:41 PM | Comments (7)

CISM CERT

Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and h...

REGGIE554 @ 4/20/2015 3:52 PM | Comments (7)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

If a company wants to donate PCs to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Information Security Charters?

It was brought to my attention the need to create information security charters for each department...

Raul Dusa @ 10/24/2016 10:40 AM | Comments (6)

Information Security Governance: Why Is it Not More Pervasive?

I am an avid believer in the concept of information security governance, and I believe this concept...

Eugene510 @ 8/24/2010 1:20 PM | Comments (5)