Recent Discussions

Threat Taxonomies

Hi All, I've been asked by a colleague about information security Threat Taxonomies (or lists) to as...

Ross Peachey @ 3/24/2015 7:53 AM | Comments (2)

CISO Role: Connecting Security to Business

Many writers argue that CISOs are generally misunderstood and under-appreciated by their C-Level Pe...

Simiyu @ 3/24/2015 1:10 AM | Comments (0)

Threat Management

I need your expert advice about threat management solution like (Norse DarkWatch, FireEye, SurfWatch)...

AHMED359 @ 3/8/2015 6:56 AM | Comments (1)

Privacy and Humanity Elements for the IoT / IoE

NEW!! Last piece of my IoT Security series: Privacy and Humanity Elements for the IoT / IoE: #InfoS...

Michael S. Oberlaender @ 2/18/2015 4:15 PM | Comments (0)

Security Operation Center Roadmap

Hello, I need your expert help to make a roadmap document for establishing a new security operation...

AHMED359 @ 2/18/2015 7:54 AM | Comments (20)

Challenges in Implementing BYOD in corporate environment

Many organizations today are looking into implementing BYOD in their corporate environment. How ca...

Sudarsha627 @ 2/11/2015 1:17 AM | Comments (4)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

IoT / IoE: If It Has an IP Address, It Can Be Hacked

Please find my latest article here: http://blog.norsecorp.com/2015/01/26/iot-ioe-if-it-has-an-ip-ad...

Michael S. Oberlaender @ 1/27/2015 12:22 PM | Comments (4)

Managing the Information Security Life Cycle

This is an interesting article to share about Managing the Information Security Life Cycle http://ww...

AHMED359 @ 11/18/2014 5:39 AM | Comments (2)

CISO Job Description

I am looking for sample/examples of other healthcare facilities Chief Information Security Officer,...

Lisa850 @ 11/17/2014 12:34 PM | Comments (5)

Cyber Alert Levels

Many organisations publish "cyber alert levels" which are intended to represent the sever...

Ross Peachey @ 9/25/2014 6:21 AM | Comments (0)

IT Risk Assessment Service Selection Criteria

I am going to have the consultant to perform a holistic IT risk assessment for the company, what fa...

chungangus @ 9/24/2014 4:28 AM | Comments (4)

IS Security Reporting Structures

Our healthcare organization is reorganizing its overall reporting structures to include IS Security...

grayowl @ 9/23/2014 12:36 PM | Comments (4)

Any standard checking for security process in ITIL

I am reviewing an existing security process in the ITIL framework.  All new services have to go thr...

chungangus @ 9/14/2014 11:21 PM | Comments (3)

Asset based versus holistic information security risk assessment

One of the biggest impacts in the ISO 27001:2013 standard is the omission of the words "asset b...

Koen Béroudiaux @ 9/13/2014 3:40 AM | Comments (3)

RE: Threat Taxonomies

Dear Ross, You can give him the WASC Threat classification project (http://projects.webappsec.org/w...

Damien643 @ 3/24/2015 8:55 AM

RE: Threat Taxonomies

NIST Cybersecurity Framework comes to my mind. 1. Table 1: Category Identifiers and, 2. Table 2: Cor...

Simiyu @ 3/24/2015 8:25 AM

RE: Security Operation Center Roadmap

Hello, I love your practical approach Simiyu, it's a great article based on experience Simiyu and R...

Damien643 @ 3/24/2015 6:30 AM

RE: Security Operation Center Roadmap

Wow these are great insights. I am grateful for the pointers. I started with the 80/20 rule being ...

Benjamin715 @ 3/24/2015 12:57 AM

RE: Security Operation Center Roadmap

This is a great article Simiyu, thanks for sharing

AHMED359 @ 3/24/2015 12:39 AM

RE: Security Operation Center Roadmap

AHMED359.... You may wish to read more on the subject. The below article appeared in ISACA Vol 5 of...

Ross Peachey @ 3/23/2015 11:28 PM

RE: Security Operation Center Roadmap

@Benjamin, as you are no doubt aware, there are a range of processes/models/techniques that have be...

Ross Peachey @ 3/23/2015 11:22 PM

RE: Security Operation Center Roadmap

AHMED359.... You may wish to read more on the subject. The below article appeared in ISACA Vol 5 of...

Simiyu @ 3/23/2015 11:21 PM

RE: Security Operation Center Roadmap

I've recently implemented a sound change management process in our organization and the key steps w...

DanielM @ 3/21/2015 4:32 PM

RE: Security Operation Center Roadmap

Hi Ahmed et All how do you implement a good change management process in an environment where every...

Benjamin715 @ 3/21/2015 1:34 AM

RE: Security Operation Center Roadmap

Thank you everybody for the valuable advice, I think later on we will have more discussions during ...

AHMED359 @ 3/20/2015 2:09 PM

RE: Security Operation Center Roadmap

Hello everybody, - AHMED: with pleasure. - As Simiyu said, it's expected. Change creates fears or ...

Damien643 @ 3/20/2015 10:41 AM

RE: Security Operation Center Roadmap

AHMED359... You have nailed it right. As for resistance, that is expected in any human interactions...

Simiyu @ 3/20/2015 9:10 AM

RE: Security Operation Center Roadmap

Thank you Simiyu and Ross for the advice, I think the first step I am going to do after I prepared ...

AHMED359 @ 3/20/2015 8:12 AM

RE: Security Operation Center Roadmap

Hi Ahmed, As always, Simiyu's advice is particularly wise. Particularly the bit about risk manageme...

Ross Peachey @ 3/20/2015 5:04 AM

Security Operation Center Roadmap

Hello, I need your expert help to make a roadmap document for establishing a new security operation...

AHMED359 @ 2/18/2015 7:54 AM | Comments (20)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Why is it so difficult to train management about the importance of engaging in a security certification process?

In my experience it is not so easy to convince Management about the importance of working towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

Glory Idehen @ 8/22/2014 12:41 PM | Comments (7)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

If a company wants to donate PC's to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

CISA or CISM which one should I go for?

I am currently pursuing MS in Information Security. I have no work experience. Now I want to do a ce...

Rahul Das @ 6/30/2012 1:35 AM | Comments (5)

CISO Job Description

I am looking for sample/examples of other healthcare facilities Chief Information Security Officer,...

Lisa850 @ 11/17/2014 12:34 PM | Comments (5)

Information Security Governance: Why Is it Not More Pervasive?

I am an avid believer in the concept of information security governance, and I believe this concept...

Eugene510 @ 8/24/2010 1:20 PM | Comments (5)

Social Engineering

The idea is to analyze this topic by its different components, information, people and legal consec...

Cristina Ledesma @ 2/17/2014 6:08 AM | Comments (5)

Security Access Review Scope or Depth Query

Dear All, I think a security access review or identity certification is a common task to examine the...

chungangus @ 8/19/2014 11:05 PM | Comments (4)

New to IS Management

I have just been given responsibility for Information Security Management within my organisation.  ...

PHolmes @ 6/17/2011 9:47 AM | Comments (4)

Outsourcing:- information security as a service

What are the challenges, what should be the scope limitation, how do you enhance privacy of your da...

Simiyu @ 7/23/2014 2:29 AM | Comments (4)

ISO 27001 Policy audits

Hi. For those who have experience of ISO 27001 Accreditation audits can you tell me if the auditors a...

Len Shingler @ 2/21/2013 11:20 AM | Comments (4)