Recent Discussions

Security Predictions

Is it possible to use crowd-sourced security intelligence to predict future events? For this exercis...

Dragan Pleskonjic @ 11/9/2017 10:06 AM | Comments (0)

Where does a security director fit within an org chart?

Hi all, I am looking to separate the security function from IT and would love if you could point me ...

danic1979 @ 10/17/2017 7:11 PM | Comments (5)

Looking for examples of Information Security Function and SOC org structure

Dear Colleagues, As you know, Ukraine is being severely hit by cyberattacks. I am currently helping ...

Alexey808 @ 8/7/2017 1:31 PM | Comments (0)

Research on Information Security Management Systems standards and frameworks

Hi, Recently I am carrying out a research for my final year dissertation in Trinity College. The pri...

KAI720 @ 6/13/2017 5:41 AM | Comments (0)

Risk-based Infosec program

I'm currently reviewing the information security function within our organization. I have now the I...

Edzern @ 3/27/2017 9:50 PM | Comments (2)

Transactions SMS customers not performed

What is the information security perspective if the customers reported receiving SMS for transactio...

Tarek EL-Sherif @ 3/12/2017 5:09 AM | Comments (0)

Cybersecurity: What does the board want?

Boards of Directors are taking an increasingly active role in cybersecurity governance. The questio...

Ramakrishna593 @ 2/23/2017 1:04 AM | Comments (1)

Efficiency in Vulnerability Management

How do you ensure vulnerabilities in your organisation are identified and fixed efficiently? I work...

Eliud433 @ 1/17/2017 6:54 AM | Comments (0)

IT Security vs IT Risk

What is the difference between IT Security and IT Risk ?

Tarek EL-Sherif @ 1/4/2017 8:30 AM | Comments (11)

Cyber Security Capability Maturity Models

Hello all, I am searching information regarding topic of Cyber Security Capability Maturity Models. C...

Tomejus @ 11/27/2016 3:39 AM | Comments (4)

Information Security Charters?

It was brought to my attention the need to create information security charters for each department...

Raul Dusa @ 10/24/2016 10:40 AM | Comments (6)

SOC Formation

Hi everyone...please share anything on this topic "Formation of Security Operation Center"

Mir526 @ 9/20/2016 12:46 PM | Comments (1)

Assigning ownership of IT Assets - need advice

Dear colleagues, In my company we experience serious difficulties with assigning ownership of the b...

Lilia Georgieva @ 8/30/2016 1:45 PM | Comments (5)

How do Business Analysts support a Cyber Security program with Requirement Gathering

Would anyone be kind to advise on how a Business Analyst can support a Cyber Security project mainl...

Abayomi786 @ 7/23/2016 3:39 AM | Comments (0)

Developer Access to Production

What is best practice to trace Developers' Access to Production Environment for any given applicati...

Jothirao @ 7/20/2016 6:19 AM | Comments (5)

RE: Where does a security director fit within an org chart?

Thank you all for the insight!

danic1979 @ 10/26/2017 12:34 PM

RE: Where does a security director fit within an org chart?

ISO 31000 holds that there are two points to the placement of risk management within an organization...

Don Turnblade @ 10/26/2017 12:17 PM

RE: Where does a security director fit within an org chart?

I have also found this a useful reference in positioning the various stakeholders https://na.theiia....

Peter O'Toole @ 10/20/2017 2:54 AM

RE: Where does a security director fit within an org chart?

Danic, Positioning IT/IS security outside of IT is a best practice in Cobit5. The reason is to prov...

Gcookz @ 10/18/2017 10:51 AM

RE: Where does a security director fit within an org chart?

Hi Dannic1979, I actually have published a book about this and other subjects. If you want to give ...

Michael S. Oberlaender @ 10/17/2017 7:39 PM

RE: Information Security Management

Hi Tarek, After one year as the Head of Information Security what do you think worked for you to get...

Omar795 @ 7/13/2017 10:39 AM

RE: Information Security Management

Congrats, Tarek! I would like to invite you to participate in a research project 'Exploring the fact...

KAI720 @ 6/16/2017 4:07 AM

RE: Cybersecurity: What does the board want?

This post is an excellent discussion. I recently read the NACD Cyber-Risk Oversight Handbook and h...

Keith158 @ 5/9/2017 10:14 AM

RE: Risk-based Infosec program

Dear Edzern, if you are reviewing your Information security function according to ISO 27001 you wil...

RobinJ. @ 3/28/2017 3:00 AM

RE: Risk-based Infosec program

Dear Edzern, Risk based information security is best practice and a very fundamental starting point ...

Gilbert van Zeijl @ 3/28/2017 2:24 AM

RE: IT Security vs IT Risk

A simple question deserves a simple answer: IT Security consists of the controls necessary to addre...

YONGXUN926 @ 1/17/2017 12:43 AM

RE: IT Security vs IT Risk

IT Risk sees that a five place password is a Control in place intended to provide Security and is t...

Don Turnblade @ 1/12/2017 12:51 PM

RE: IT Security vs IT Risk

IT Risk and Information Security do not evaluate risk by similar criteria in all cases. A classic d...

Don Turnblade @ 1/12/2017 12:40 PM

RE: IT Security vs IT Risk

Are there any known legal, regulatory, governance, risk or compliance frameworks actually covering th...

Don Turnblade @ 1/12/2017 12:31 PM

RE: IT Security vs IT Risk

A sample case where the difference is normally present. Does an Information Security team need mana...

Don Turnblade @ 1/12/2017 12:23 PM

Security Operation Center Roadmap

Hello, I need your expert help to make a roadmap document for establishing a new security operation...

Elsayed @ 2/18/2015 7:54 AM | Comments (20)

Sending a severe message to everyone

Dear Gentlemen, I have a topic here I need your expert advice, in a newly formed Information secur...

Elsayed @ 4/27/2015 12:00 PM | Comments (13)

IT Security vs IT Risk

What is the difference between IT Security and IT Risk ?

Tarek EL-Sherif @ 1/4/2017 8:30 AM | Comments (11)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (9)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Security Operational Center Matrix

Hello guys, I've done a matrix example for SOC activities, I would share it with you and your advic...

Damien643 @ 4/16/2015 9:10 PM | Comments (8)

Why is it so difficult to train the management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance to work towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

CISM CERT

Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and h...

REGGIE554 @ 4/20/2015 3:52 PM | Comments (7)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

D'LionKing @ 8/22/2014 12:41 PM | Comments (7)

Information Security Charters?

It was brought to my attention the need to create information security charters for each department...

Raul Dusa @ 10/24/2016 10:40 AM | Comments (6)

If a company wants to donate PCs to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)