Recent Discussions

Return On Security Investment (ROSI)

Hi All, There's a lot of theory thrown around about ROSI. In theory it makes sense. But using these id...

Ross Peachey @ 6/5/2016 7:11 AM | Comments (0)

Aviation Cyber Security Management

I need information about typical organizational structure of information security areas in commerci...

rsabella24 @ 5/29/2016 8:26 AM | Comments (1)

Head of infosec job description

What is the ideal job description for Head of information security to set up a new infosec team in a...

Tarek EL-Sherif @ 5/22/2016 5:50 AM | Comments (1)

Job Description

What is the ideal job description for Head of information security

Tarek EL-Sherif @ 5/22/2016 2:03 AM | Comments (3)

Have we forgotten how to do the basics?

Auditor: "Please show me your CIs for the end-to-end service chain for application XXX (from a...

Phil Green @ 5/5/2016 3:37 AM | Comments (0)

Where did Change Control really start?

We all know change control starts from a request (whether it's a user request or business request),...

ShanShan @ 5/3/2016 1:55 PM | Comments (2)

KPI for IT Control ISO 27002

I am looking for template or any advice from you regarding IT control KPI if functions are distribu...

Tomas Martinkenas @ 4/26/2016 7:17 AM | Comments (0)

ISO 27001 Internal Audits

ISO 27001 internal audits can be a strain on resource, especially if as Information Security Manage...

Len Shingler @ 4/11/2016 7:08 AM | Comments (2)

Mobile Malware

To what extent is mobile malware a significant threat to enterprises? There's a lot of discussion ab...

Ross Peachey @ 4/11/2016 6:50 AM | Comments (1)

ArcSight Flex connector expert

Hello, I am looking for help with developing categorization for ArcSight Flex connector. If anyone ...

Anita165 @ 3/22/2016 7:55 AM | Comments (0)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

What did CISM do for you?

ISACA recently awarded the 30,000th CISM certification. Since its introduction in 2002, the CISM cr...

Marc Vael @ 1/26/2016 7:23 PM | Comments (4)

Disabling Network Accounts

Hello, I am looking for documentation to support a recommendation that a user’s network account sho...

Angela468 @ 1/15/2016 11:04 AM | Comments (5)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

Use Cases for Security Incident Management

Does anyone have (or can point me to) a good set of generic use cases for security incident managem...

Phil Green @ 1/3/2016 5:06 AM | Comments (0)

RE: Where did Change Control really start?

The core of this comes from Process Quality Assurance. To start a process, certain minimum inputs, ...

Don Turnblade @ 6/2/2016 11:53 AM

RE: Aviation Cyber Security Management

Perhaps this document will help. https://www.thalesgroup.com/sites/default/files/asset/document/Tha...

Rendy Fathrullah @ 5/29/2016 9:22 AM

RE: Head of infosec job description

My advice would be to take a look at job board to see what is being asked for in the first instance.

Phil Green @ 5/28/2016 2:33 AM

RE: Where did Change Control really start?

I've come across this - putting proposed changes on an initial "pre-processing" log to de...

Phil Green @ 5/28/2016 2:21 AM

RE: ISO 27001 Internal Audits

I would involve people who do not have any stake in the department that you are auditing. For examp...

Shruti Kulkarni @ 5/25/2016 8:21 AM

RE: Job Description

The ideal Head of Infosec job description is the one that best describes the needs and requirements...

Peter O'Toole @ 5/22/2016 6:40 AM

RE: Job Description

Thanks Andy for your reply, actually I am working in a bank and need to set up a new infosec team, i...

Tarek EL-Sherif @ 5/22/2016 5:21 AM

RE: Job Description

The ideal Head of Infosec job description is the one that best describes the needs and requirements...

Andy772 @ 5/22/2016 3:10 AM

RE: ISO 27001 Internal Audits

Dear Len, I would say, you cannot! During my job as security officer for a large hospital I faced th...

Gilbert van Zeijl @ 4/11/2016 7:23 AM

RE: Mobile Malware

Enterprise is at risk through the mobile vector. Although malware makes a very small part of that r...

Gilbert van Zeijl @ 4/11/2016 7:16 AM

RE: Cyber Security Awareness Program for employees

Examples based on risk management methodologies such as Black Swan, Perfect Storm can be used. It w...

nooruddin @ 2/24/2016 3:46 AM

RE: What did CISM do for you?

I can relate to Gilbert's comments. The 'big picture' perspective that CISM provides is one of the ...

Ross Peachey @ 2/20/2016 4:19 PM

RE: What did CISM do for you?

Thanks all for the interesting discussion, I have the CISA qualification and have been considering ...

Oakwell @ 2/19/2016 3:42 AM

RE: What did CISM do for you?

I decided to go with CISM as I was into more of managerial stream of Information Security concentra...

SakthivelRajan326 @ 2/11/2016 12:40 AM

RE: Cyber Security Awareness Program for employees

Thank you all for the suggestions. I will definitely be incorporating them as I continue to work on...

uvesed @ 2/5/2016 4:09 PM

Security Operation Center Roadmap

Hello, I need your expert help to make a roadmap document for establishing a new security operation...

Elsayed @ 2/18/2015 7:54 AM | Comments (20)

Sending a severe message to everyone

Dear Gentlemen, I have a topic here I need your expert advice on, in a newly formed Information secur...

Elsayed @ 4/27/2015 12:00 PM | Comments (13)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (9)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Why is it so difficult to train management about the importance of engaging in a security certification process?

In my experience it is not so easy to convince management about the importance of working towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Security Operational Center Matrix

Hello guys, I've done a matrix example for SOC activities, I would share it with you and your advic...

Damien643 @ 4/16/2015 9:10 PM | Comments (8)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

D'LionKing @ 8/22/2014 12:41 PM | Comments (7)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

CISM CERT

Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and h...

REGGIE554 @ 4/20/2015 3:52 PM | Comments (7)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

If a company wants to donate PCs to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Information Security Governance: Why Is it Not More Pervasive?

I am an avid believer in the concept of information security governance, and I believe this concept...

Eugene510 @ 8/24/2010 1:20 PM | Comments (5)

CISO Job Description

I am looking for sample/examples of other healthcare facilities Chief Information Security Officer,...

Lisa850 @ 11/17/2014 12:34 PM | Comments (5)