Recent Discussions

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (8)

What did CISM do for you?

ISACA recently awarded the 30,000th CISM certification. Since its introduction in 2002, the CISM cr...

Marc Vael @ 1/26/2016 7:23 PM | Comments (1)

Disabling Network Accounts

Hello, I am looking for documentation to support a recommendation that a user’s network account sho...

Angela468 @ 1/15/2016 11:04 AM | Comments (5)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

Use Cases for Security Incident Management

Does anyone have (or can point me to) a good set of generic use cases for security incident managem...

Phil Green @ 1/3/2016 5:06 AM | Comments (0)

Data Breaches - this time it's personal!

Although the details in this article are not perfect, it does give a good broad view of what is hap...

Phil Green @ 12/16/2015 1:51 AM | Comments (0)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

Security Program Reporting

Hi All, I'm interested in what measures people are reporting upwards to demonstrate that the securit...

Ross Peachey @ 11/2/2015 2:44 AM | Comments (2)

Security Awareness Content

Is there a document/resource on the ISACA website which provides some content on Security Awareness...

Sharad407 @ 10/13/2015 3:44 PM | Comments (5)

Risk Acceptance

Hello. When doing an assessment for a new solution or system, and you identify critical, high, med, an...

AHMED359 @ 9/5/2015 9:15 AM | Comments (5)

Flipboard Mag for CISOs by CISO

Dear all, please find link for FlipBoard Magazine, created for CISOs by CISO. http://flip.it/IAxcaFor...

Gupta Boda @ 8/4/2015 1:54 PM | Comments (3)

Cyber Security in Product Development: Quality is Key

For firms looking to integrate security controls into their product lifecycle, integration with the...

David Scott @ 7/30/2015 11:37 AM | Comments (4)

Password Management - still safe to store your password there?

Last week, the popular password management software LastPass got hacked. (see link for news detail:...

ShanShan @ 6/17/2015 9:50 AM | Comments (5)

ISACA Ireland Needs YOU!

Hope you don't mind me posting in this group about this year's ISACA Ireland conference, which is fo...

Neil_Curran @ 6/17/2015 4:14 AM | Comments (1)

Another breach - IRS got hacked

IRS got hacked and 100,000 records were exposed. Not enough security control in place? What do you ...

ShanShan @ 5/27/2015 8:57 AM | Comments (4)

RE: Cyber Security Awareness Program for employees

Thank you all for the suggestions. I will definitely be incorporating them as I continue to work on...

uvesed @ 2/5/2016 4:09 PM

RE: Cyber Security Awareness Program for employees

Try to make any training and awareness personal.  By this I mean start talking about how to protect...

Graham880 @ 2/4/2016 12:39 PM

RE: Cyber Security Awareness Program for employees

Another element I forgot to add is my organization, as part of the security awareness program, adde...

modym @ 2/3/2016 1:00 PM

RE: Cyber Security Awareness Program for employees

Hello, From my point of view some questions are important. Who is the audience target? Which topics...

Damien643 @ 2/3/2016 12:35 PM

RE: Cyber Security Awareness Program for employees

IMHO phishing exercises have become crucial to any security awareness training. As a general indust...

Phil Green @ 2/3/2016 10:06 AM

RE: Cyber Security Awareness Program for employees

IMHO phishing exercises have become crucial to any security awareness training. As a general indust...

modym @ 2/3/2016 9:51 AM

RE: Cyber Security Awareness Program for employees

Hi Suresh, Thanks for your response. In my case we have a course dev and presentation system in plac...

uvesed @ 2/3/2016 9:27 AM

RE: Cyber Security Awareness Program for employees

Hi Uves, I am in a similar process of putting together Cyber Security Awareness program as well and ...

Suresh863 @ 2/1/2016 12:00 PM

RE: What did CISM do for you?

For me CISM put all pieces of the puzzle in the right place. The moment I decided to take the CISM ...

Gilbert van Zeijl @ 1/27/2016 2:36 AM

RE: Information Security Management

Congrats. I suggest that first of all, you may consider to do an assessment to detect gaps then, you...

Hector359 @ 1/22/2016 5:52 PM

RE: Disabling Network Accounts

Angela I would agree with Ross here as non InfoSec personnel will not be convinced by best practice...

Len Shingler @ 1/22/2016 3:43 AM

RE: Disabling Network Accounts

BS ISO/IEC 27001:2013 see Annex A - Reference control objectives and controls (i.e A.9.1.2)

Prfssr5 @ 1/21/2016 11:30 AM

RE: Disabling Network Accounts

I am not sure network accounts could be configured to auto disable users. However, you could use gr...

Janet Joseph @ 1/21/2016 8:16 AM

RE: Information Security Management

Hi Tarak, I'd start by understanding the key assets you are tasked with protecting. What are they, w...

Ross Peachey @ 1/18/2016 6:37 AM

RE: Disabling Network Accounts

Does a "term date" mean that they've left involuntarily, or simply that they are leaving ...

Ross Peachey @ 1/18/2016 6:05 AM

Security Operation Center Roadmap

Hello, I need your expertise help to make a roadmap document for establishing a new security operation...

AHMED359 @ 2/18/2015 7:54 AM | Comments (20)

Sending a severe message to everyone

Dear Gentlemen, I have a topic here I need your expert advice, in a newly formed Information secur...

AHMED359 @ 4/27/2015 12:00 PM | Comments (13)

Mandatory Security Design Considerations for the IoT / IoE

NEW!! Here's the next one of my IoT / IoE Security series (continued from last one): http://blog.no...

Michael S. Oberlaender @ 2/4/2015 9:57 PM | Comments (9)

Cyber Security Awareness Program for employees

Hello, I am working on a Cyber Security Awareness program for my company and I was looking for some ...

uvesed @ 2/1/2016 11:38 AM | Comments (8)

Security Operational Center Matrix

Hello guys, I've done a matrix example for SOC activities, I would share it with you and your advic...

Damien643 @ 4/16/2015 9:10 PM | Comments (8)

Why is it so difficult to train the management about the importance of engaging in a Security certification process?

In my experience it is not so easy to convince Management about the importance to work towards a certif...

Cristina Ledesma @ 5/26/2014 8:50 AM | Comments (8)

Definition of 'security breach'

On the basis that there is no such thing as a 'stupid' question (and assume positive intent), can w...

Phil Green @ 11/18/2015 5:21 AM | Comments (7)

CISM CERT

Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and h...

REGGIE554 @ 4/20/2015 3:52 PM | Comments (7)

Information Security Management

Hi All, I'm going to start the first step as a head of information security, my current position in...

Tarek EL-Sherif @ 1/14/2016 5:11 AM | Comments (7)

InfoSec models inter-relationship mappings

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 model...

D'LionKing @ 8/22/2014 12:41 PM | Comments (7)

Is gamification a solution for the information security awareness?

Hype or not, gamification becomes a professional solution which expands out of the entertainment an...

Marc Vael @ 1/5/2012 12:09 PM | Comments (6)

If a company wants to donate PCs to a charity, what is the right procedure for deleting all data?

A question started by Abbas Kudrati, Head - Quality & Information Security Standard at eGovernme...

Marc Vael @ 6/15/2010 8:45 AM | Comments (6)

Applying military strategy to IT problems

It is well known that strategic management borrows heavily from military science.. How far do you a...

Simiyu @ 11/21/2013 9:54 PM | Comments (6)

CISO Job Description

I am looking for sample/examples of other healthcare facilities Chief Information Security Officer,...

Lisa850 @ 11/17/2014 12:34 PM | Comments (5)

Disabling Network Accounts

Hello, I am looking for documentation to support a recommendation that a user’s network account sho...

Angela468 @ 1/15/2016 11:04 AM | Comments (5)