Recent Discussions

How do Business Analysts support a Cyber Security program with Requirement Gathering

Would anyone be kind enough to advise on how a Business Analyst can support a Cyber Security project mainl...

Abayomi786 @ 7/23/2016 3:39 AM | Comments (0)

Developer Access to Production

What is best practice to trace Developers' Access to Production Environment for any given applicati...

Jothirao @ 7/20/2016 6:19 AM | Comments (5)

IT security place in organizational structure

Hello all, I am interested in the question of your known best practice of IT security's place in organizat...

Tomas Martinkenas @ 7/10/2016 1:13 PM | Comments (1)

Return On Security Investment (ROSI)

Hi All, There's a lot of theory thrown around about ROSI. In theory it makes sense. But using these id...

Ross Peachey @ 6/5/2016 7:11 AM | Comments (0)

Aviation Cyber Security Management

I need information about typical organizational structure of information security areas in commerci...

rsabella24 @ 5/29/2016 8:26 AM | Comments (1)

Head of infosec job description

What is the ideal job description for Head of information security to set up a new infosec team in a...

Tarek EL-Sherif @ 5/22/2016 5:50 AM | Comments (1)

Job Description

What is the ideal job description for Head of information security?

Tarek EL-Sherif @ 5/22/2016 2:03 AM | Comments (3)

Have we forgotten how to do the basics?

Auditor: "Please show me your CIs for the end-to-end service chain for application XXX (from a...

Phil Green @ 5/5/2016 3:37 AM | Comments (0)

Where did Change Control really start?

We all know change control starts from a request (whether it's a user request or business request),...

ShanShan @ 5/3/2016 1:55 PM | Comments (2)

KPI for IT Control ISO 27002

I am looking for template or any advice from you regarding IT control KPI if functions are distribu...

Tomas Martinkenas @ 4/26/2016 7:17 AM | Comments (0)

ISO 27001 Internal Audits

ISO 27001 internal audits can be a strain on resource, especially if as Information Security Manage...

Len Shingler @ 4/11/2016 7:08 AM | Comments (2)

Mobile Malware

To what extent is mobile malware a significant threat to enterprises? There's a lot of discussion ab...

Ross Peachey @ 4/11/2016 6:50 AM | Comments (1)

ArcSight Flex connector expert

Hello, I am looking for help with developing categorization for ArcSight Flex connector. If anyone ...

Anita165 @ 3/22/2016 7:55 AM | Comments (0)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

What did CISM do for you?

ISACA recently awarded the 30,000th CISM certification. Since its introduction in 2002, the CISM cr...

Marc Vael @ 1/26/2016 7:23 PM | Comments (4)

RE: Developer Access to Production

Limited access - role to menu mapping should be followed, this way restriction of what is accessibl...

Rama Ramachandran @ 7/21/2016 5:05 AM

RE: Developer Access to Production

I advise to use different accounts for developing and for support work on production environment. S...

Gilbert van Zeijl @ 7/21/2016 2:21 AM

RE: Developer Access to Production

Segregation of duties should be vital to any organization. There have been multiple accounts where ...

modym @ 7/20/2016 6:56 AM

RE: Developer Access to Production

Best Practice is to limit complete access to both environments. Developers should not have access t...

Phil Green @ 7/20/2016 6:33 AM

RE: Developer Access to Production

Best Practice is to limit complete access to both environments. Developers should not have access t...

Peter878 @ 7/20/2016 6:28 AM

RE: IT security place in organizational structure

IT Security should be part of IT Management. Depending on the size of your organisation this could ...

Gilbert van Zeijl @ 7/11/2016 2:20 AM

RE: Where did Change Control really start?

The core of this comes from Process Quality Assurance. To start a process, certain minimum inputs, ...

Don Turnblade @ 6/2/2016 11:53 AM

RE: Aviation Cyber Security Management

Perhaps this document will help. https://www.thalesgroup.com/sites/default/files/asset/document/Tha...

Rendy Fathrullah @ 5/29/2016 9:22 AM

RE: Head of infosec job description

My advice would be to take a look at job board to see what is being asked for in the first instance.

Phil Green @ 5/28/2016 2:33 AM

RE: Where did Change Control really start?

I've come across this - putting proposed changes on an initial "pre-processing" log to de...

Phil Green @ 5/28/2016 2:21 AM

RE: ISO 27001 Internal Audits

I would involve people who do not have any stake in the department that you are auditing. For examp...

Shruti Kulkarni @ 5/25/2016 8:21 AM

RE: Job Description

The ideal Head of Infosec job description is the one that best describes the needs and requirements...

Peter O'Toole @ 5/22/2016 6:40 AM

RE: Job Description

Thanks Andy for your reply, actually I am working in a bank and need to set up a new infosec team, i...

Tarek EL-Sherif @ 5/22/2016 5:21 AM

RE: Job Description

The ideal Head of Infosec job description is the one that best describes the needs and requirements...

Andy772 @ 5/22/2016 3:10 AM

RE: ISO 27001 Internal Audits

Dear Len, I would say, you cannot! During my job as security officer for a large hospital I faced th...

Gilbert van Zeijl @ 4/11/2016 7:23 AM

Security Operation Center Roadmap

Hello, I need your expert help to make a roadmap document for establishing a new security operation...

Elsayed @ 2/18/2015 7:54 AM | Comments (20)

Sending a severe message to everyone

Dear Gentlemen, I have a topic here I need your expert advice on, in a newly formed Information secur...

Elsayed @ 4/27/2015 12:00 PM | Comments (13)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Security Operational Center Matrix

Hello guys, I've done a matrix example for SOC activities, I would share it with you and your advic...

Damien643 @ 4/16/2015 9:10 PM | Comments (8)

Why is it so difficult to train management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance of working towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

D'LionKing @ 8/22/2014 12:41 PM | Comments (7)

CISM CERT

Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and h...

REGGIE554 @ 4/20/2015 3:52 PM | Comments (7)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

If a company wants to donate PCs to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Information Security Governance: Why Is it Not More Pervasive?

I am an avid believer in the concept of information security governance, and I believe this concept...

Eugene510 @ 8/24/2010 1:20 PM | Comments (5)
