Recent Discussions

Outsourcing:- information security as a service

What are the challenges, what should be the scope limitation, how do you enhance privacy of your da...

Simiyu @ 7/23/2014 2:29 AM | Comments (0)

Why is so difficult train the management about the importance of engage in a Security certification process?

In my experience it is not so easy to convince Management about the importance to work towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Social Engineering

The idea is to analyze this topic by its different components, information, people and legal consec...

Cristina Ledesma @ 2/17/2014 6:08 AM | Comments (5)

IS Governance

I want to know what techniques / methodologies are used to implement governance in IS, I mean for i...

Cristina Ledesma @ 2/3/2014 5:00 AM | Comments (1)

Content, Frequency and Effectiveness of IT Security Awareness

What suggestions do you have for increasing awareness without resulting in "training" fat...

LJC @ 1/15/2014 10:49 AM | Comments (4)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

Transferring Risk management: ISO27000 to COBIT

Has anyone had experience transferring their existing ISO 27000 risk management into the COBIT fram...

Catherine002 @ 11/3/2013 7:28 PM | Comments (1)

Let us make this group more active

Our group is sliding towards being inactive. Let us create time to discuss and share knowledge by w...

Simiyu @ 9/25/2013 1:28 AM | Comments (1)

What is Information Security Process Design All About?

Hello Everyone, Please I need your assistance in knowing what Information Security Process Design is...

Mary564 @ 9/13/2013 11:38 AM | Comments (1)

Secure file exchange

Hi everyone, Will be happy if someone can help with opinion or best practice here. I've got the fol...

Lilia Georgieva @ 8/16/2013 8:42 AM | Comments (0)

Is the Cloud Mature Enough to be Considered Mature

In 2012 the Cloud Security Alliance and ISACA conducted a Cloud Computing Market Maturity study tha...

Ron Hale Ph.D. CISM @ 8/12/2013 10:53 AM | Comments (0)

Information security audit for a core banking systems

I am looking for a generic (or tailored) template for auditing information security controls for a ...

Simiyu @ 7/30/2013 12:31 AM | Comments (2)

Security Management at INSIGHTS 2013

Hi all, at INSIGHTS 2013 (http://www.isaca.org/Education/Conferences/Pages/INSIGHTS-2013.aspx) the t...

Marc Vael @ 4/12/2013 4:36 AM | Comments (0)

Relationship between IT Audit and Information Security

Greetings! I need some advice since my searches have not come up with much just yet. Does anyone know...

edward352 @ 4/7/2013 9:09 AM | Comments (0)

Brand new book about Security Management "C(I)SO - And Now What"

Hello Thought Leaders - I have published a new book for exactly our group (title: "C(I)SO - An...

Michael S. Oberlaender @ 4/5/2013 12:52 PM | Comments (1)

RE: Why is so difficult train the management about the importance of engage in a Security certification process?

True, Len. As you mentioned, there is no single approach to such a challenge. My approach was simila...

Simiyu @ 5/27/2014 5:04 AM

RE: Why is so difficult train the management about the importance of engage in a Security certification process?

Simiyu, a difficult question to say the least, no easy answer! You need to know your customer and h...

Len Shingler @ 5/27/2014 4:29 AM

RE: Why is so difficult train the management about the importance of engage in a Security certification process?

Len Shingler, you are absolutely right. In one of my consultancies I was tasked by the executive ma...

Simiyu @ 5/27/2014 3:41 AM

RE: Why is so difficult train the management about the importance of engage in a Security certification process?

In my experience management are really interested in reputation and the bottom line. Certification ...

Len Shingler @ 5/27/2014 3:17 AM

RE: Applying BMIS in practice

In my view system thinking is a critical component of InfoSec dynamics and not the other way round.

Simiyu @ 5/26/2014 10:01 AM

RE: Why is so difficult train the management about the importance of engage in a Security certification process?

I have also experienced the same. It is always difficult to sell 3rd party InfoSec certification to...

Simiyu @ 5/26/2014 9:29 AM

RE: Why is so difficult train the management about the importance of engage in a Security certification process?

In my experience they are in "overflow" of day to day operations so they have not time to...

Cristina Ledesma @ 5/26/2014 8:53 AM

RE: Applying military strategy to IT problems

This comment has been deleted by the administrator

Len Shingler @ 4/8/2014 9:22 AM

RE: Applying military strategy to IT problems

This comment has been deleted by the administrator

Eric Andersen @ 4/8/2014 9:12 AM

RE: Applying military strategy to IT problems

This comment has been deleted by the administrator

MaconMac @ 4/8/2014 9:11 AM

RE: Applying military strategy to IT problems

I agree that there are many parallels. Agility is one of the key themes in the article, but even to...

Ross Peachey @ 4/8/2014 9:10 AM

RE: Social Engineering

Often it's assumed that organisations have a single "culture". Christina, you raise a goo...

Ross Peachey @ 4/3/2014 4:46 PM

Why is so difficult train the management about the importance of engage in a Security certification process?

In my experience it is not so easy to convince Management about the importance to work towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

If a company wants to donate PC's to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

Information Security Governance: Why Is it Not More Pervasive?

I am an avid believer in the concept of information security governance, and I believe this concept...

Eugene510 @ 8/24/2010 1:20 PM | Comments (5)

CISA or CISM which one should I go for?

I am currently pursuing MS in Information Security. I have no work experience. Now I want to do a ce...

Rahul Das @ 6/30/2012 1:35 AM | Comments (5)

Social Engineering

The idea is to analyze this topic by its different components, information, people and legal consec...

Cristina Ledesma @ 2/17/2014 6:08 AM | Comments (5)

New to IS Management

I have just been given responsibility for Information Security Management within my organisation.  ...

PHolmes @ 6/17/2011 9:47 AM | Comments (4)

Applying BMIS in practice

BMIS promotes systems thinking dynamic approach which can solve the balance question between pragma...

Marc Vael @ 5/25/2011 5:49 PM | Comments (4)

Greetings, and A Challenge to Our Members

Greetings to everyone who has joined our group for Information Security Management.  On behalf of I...

David Scott @ 11/16/2011 4:12 PM | Comments (4)

ISO 27001 Policy audits

Hi. For those who have experience of ISO 27001 Accreditation audits can you tell me if the auditors a...

Len Shingler @ 2/21/2013 11:20 AM | Comments (4)

Content, Frequency and Effectiveness of IT Security Awareness

What suggestions do you have for increasing awareness without resulting in "training" fat...

LJC @ 1/15/2014 10:49 AM | Comments (4)

How to align between IT Audit, IT Assurance and Information Security(Infosec)

Hello, all. I would really like to get/have your expert view on this title. Let's say in an organisa...

Taty @ 9/11/2012 1:17 AM | Comments (3)

Cloud Computing & Security Management

Is cloud computing enhancing or worsening the security management for a company?

Marc Vael @ 6/10/2010 9:47 AM | Comments (3)

Reading recommendations?

Having moved relatively recently from IT Audit to Information Security, I'm looking to read around ...

Matt @ 1/17/2011 1:19 PM | Comments (3)