Recent Discussions

KPI for IT Control ISO 27002

I am looking for template or any advice from you regarding IT control KPI if functions are distribu...

Tomas Martinkenas @ 4/26/2016 7:17 AM | Comments (0)

ISO 27001 Internal Audits

ISO 27001 internal audits can be a strain on resource, especially if as Information Security Manage...

Len Shingler @ 4/11/2016 7:08 AM | Comments (1)

Mobile Malware

To what extent is mobile malware a significant threat to enterprises? There's a lot of discussion ab...

Ross Peachey @ 4/11/2016 6:50 AM | Comments (1)

ArcSight Flex connector expert

Hello, I am looking for help with developing categorization for ArcSight Flex connector. If anyone ...

Anita165 @ 3/22/2016 7:55 AM | Comments (0)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

What did CISM do for you?

ISACA recently awarded the 30,000th CISM certification. Since its introduction in 2002, the CISM cr...

Marc Vael @ 1/26/2016 7:23 PM | Comments (4)

Disabling Network Accounts

Hello, I am looking for documentation to support a recommendation that a user’s network account sho...

Angela468 @ 1/15/2016 11:04 AM | Comments (5)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

Use Cases for Security Incident Management

Does anyone have (or can point me to) a good set of generic use cases for security incident managem...

Phil Green @ 1/3/2016 5:06 AM | Comments (0)

Data Breaches - this time it's personal!

Although the details in this article are not perfect, it does give a good broad view of what is hap...

Phil Green @ 12/16/2015 1:51 AM | Comments (0)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

Security Program Reporting

Hi All, I'm interested in what measures people are reporting upwards to demonstrate that the securit...

Ross Peachey @ 11/2/2015 2:44 AM | Comments (2)

Security Awareness Content

Is there a document/resource on the ISACA website which provides some content on Security Awareness...

Sharad407 @ 10/13/2015 3:44 PM | Comments (5)

Risk Acceptance

Hello. When doing an assessment for a new solution or system, and you identify critical, high, med, an...

Elsayed @ 9/5/2015 9:15 AM | Comments (5)

Flipboard Mag for CISOs by CISO

Dear all, Please find link for FlipBoard Magazine, created for CISOs by CISO. http://flip.it/IAxcaFor...

Gupta Boda @ 8/4/2015 1:54 PM | Comments (3)

RE: ISO 27001 Internal Audits

Dear Len, I would say, you cannot! During my job as security officer for a large hospital I faced th...

Gilbert van Zeijl @ 4/11/2016 7:23 AM

RE: Mobile Malware

Enterprise is at risk through the mobile vector. Although malware makes a very small part of that r...

Gilbert van Zeijl @ 4/11/2016 7:16 AM

RE: Cyber Security Awareness Program for employees

Examples based on risk management methodologies such as Black Swan, Perfect Storm can be used. It w...

nooruddin @ 2/24/2016 3:46 AM

RE: What did CISM do for you?

I can relate to Gilbert's comments. The 'big picture' perspective that CISM provides is one of the ...

Ross Peachey @ 2/20/2016 4:19 PM

RE: What did CISM do for you?

Thanks all for the interesting discussion, I have the CISA qualification and have been considering ...

Oakwell @ 2/19/2016 3:42 AM

RE: What did CISM do for you?

I decided to go with CISM as I was into more of managerial stream of Information Security concentra...

SakthivelRajan326 @ 2/11/2016 12:40 AM

RE: Cyber Security Awareness Program for employees

Thank you all for the suggestions. I will definitely be incorporating them as I continue to work on...

uvesed @ 2/5/2016 4:09 PM

RE: Cyber Security Awareness Program for employees

Try to make any training and awareness personal. By this I mean start talking about how to protect...

Graham880 @ 2/4/2016 12:39 PM

RE: Cyber Security Awareness Program for employees

Another element I forgot to add is my organization, as part of the security awareness program, adde...

modym @ 2/3/2016 1:00 PM

RE: Cyber Security Awareness Program for employees

Hello, From my point of view some questions are important. Who is the audience target? Which topics...

Damien643 @ 2/3/2016 12:35 PM

RE: Cyber Security Awareness Program for employees

IMHO phishing exercises have become crucial to any security awareness training. As a general indust...

Phil Green @ 2/3/2016 10:06 AM

RE: Cyber Security Awareness Program for employees

IMHO phishing exercises have become crucial to any security awareness training. As a general indust...

modym @ 2/3/2016 9:51 AM

RE: Cyber Security Awareness Program for employees

Hi Suresh, Thanks for your response. In my case we have a course dev and presentation system in plac...

uvesed @ 2/3/2016 9:27 AM

RE: Cyber Security Awareness Program for employees

Hi Uves, I am in a similar process of putting together Cyber Security Awareness program as well and ...

Suresh863 @ 2/1/2016 12:00 PM

RE: What did CISM do for you?

For me CISM put all pieces of the puzzle in the right place. The moment I decided to take the CISM ...

Gilbert van Zeijl @ 1/27/2016 2:36 AM

Security Operation Center Roadmap

Hello. I need your expertise help to make a roadmap document for establishing a new security operation...

Elsayed @ 2/18/2015 7:54 AM | Comments (20)

Sending a severe message to everyone

Dear Gentlemen, I have a topic here I need your expert advice, in a newly formed Information secur...

Elsayed @ 4/27/2015 12:00 PM | Comments (13)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Security Operational Center Matrix

Hello guys, I've done a matrix example for SOC activities, I would share it with you and your advic...

Damien643 @ 4/16/2015 9:10 PM | Comments (8)

Why is it so difficult to train management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance to work towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

D'LionKing @ 8/22/2014 12:41 PM | Comments (7)

CISM CERT

Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and h...

REGGIE554 @ 4/20/2015 3:52 PM | Comments (7)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

If a company wants to donate PCs to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

Information Security Governance: Why Is it Not More Pervasive?

I am an avid believer in the concept of information security governance, and I believe this concept...

Eugene510 @ 8/24/2010 1:20 PM | Comments (5)

Password Management - still safe to store your password there?

Last week, the popular password management software LastPass got hacked. (see link for news detail:...

ShanShan @ 6/17/2015 9:50 AM | Comments (5)