Information Security Management—Part 1 of 2
By Dan Swanson
Dan Swanson, a senior security and internal audit professional, provides his list of recommended resources for AuditNet readers. If you have questions about this page or the links, you can reach Dan at www.securitybenchmark.com and dswanson_2008@yahoo.com.
For more IT and Information Security resources check out the latest Taylor and Francis publications.
As it is coming up on the 8th anniversary of 9/11 this month I was thinking it would be an excellent time to take information security to the next level.
A few simple questions:
- Have you reviewed your organization’s security practices?
- What are the priority improvements which need to be tackled?
- Do your board, executive management, and business units all understand their responsibilities and accountabilities?
The bottom line – Be prepared is the way to go!
Have another great month.
Dan Swanson
___________________________________
Information Security Management Resources - Part 1 of 2
__________________________________________________
IT World Canada IT Security Resource Blog
_______________________________________________
It's all about the architecture
This week's resource selections focus on “architecture” – the solution for most everything! – and IT process improvement, the solution for everything else!
Dan Swanson's Security Resources: #11
Auditing information security helps identify key improvement opportunities while studying leading audit guidance provides a better understanding of what the auditors are looking for, helping make audits more productive (a true win/win).
Dan Swanson's Security Resources: #12
Business is about change, and Peter’s change management repository is one of the very best, and certainly well worth regular visits by busy professionals.
Dan Swanson's Security Resources: #4
This week’s question: “How prepared is your organization?” If you have any concerns on the robustness of your disaster recovery, business continuity, and/or your emergency management capabilities, I’d strongly recommend you check out the Canadian Centre for Emergency Preparedness.
Dan Swanson's Security Resources: #17
Technology is becoming the solution to every business problem. As such, we need to implement our solutions faster, more securely, and moreover continually deliver “easy to use” (i.e. intuitive) system solutions. Did I mention our enterprise solutions also have to protect the privacy of both our organization’s and our organization’s clients’ information?
Dan Swanson's Security Resources: #9
There is an endless source of good resources to support your professional development. The intent of this column is to provide a diverse knowledge base to study from each week (six items at a time). The two significant challenges many of us face are deciding what to study and where to find the time to do so. This week’s top choice is Neal’s timeless article regarding learning from project to project; I recommend taking his suggestions to heart as it will quickly improve your results.
Dan Swanson's Security Resources: #8
This week’s resources are focused on the challenging and closely related subjects of business continuity planning (BCP) and disaster recovery programs (DRP). Being able to recover from a disaster is critical to an organization’s long term success, as something is going to happen eventually.
Dan Swanson's Security Resources: #7
Have you implemented a security education and awareness program to help educate management and staff on their security responsibilities? Have you organized a process to communicate good practice information to your workforce, particularly to the key IT specialists that are implementing new IT solutions? Have you reached out lately to your DR and BCP professionals regarding recovery processes and plans? Could your organization recover from a significant disaster? This week’s resources provide guidance regarding all these issues and more!
Dan Swanson's Security Resources: #6
Just who is responsible for information security? Are we learning from incidents that have occurred at other organizations? Do we leverage the research that is available from various institutions? Do we take regulations seriously?
Dan Swanson's Security Resources: #15
Project management helps to pull it all together. If your project management experience or expertise needs strengthening, this week’s resources are just what the doctor ordered. Neal’s efforts are world class, and his project management consulting advice is sought after by numerous organizations. Learning from past experiences is always recommended, and the “early warning signs of IT project failure” is a classic that should be read before taking on any significant IT initiative.
Dan Swanson's Security Resources: #16
This week’s resources are a diverse collection of web sites and articles I’ve come across over the past couple of years. Checking out different organizations’ views and recommended guidance helps broaden your perspective and sometimes even addresses a burning business problem back at the office.
Dan Swanson's Security Resources: #3
There are several ongoing, long-term security efforts worth examining. The National Institute of Standards and Technology (NIST) has published hundreds of guidance documents relating to all aspects of information security over the years. Just as importantly, they consistently maintain the currency of their guidance. The Center for Internet Security (CIS) has developed dozens of consensus-based security benchmark checklists that can be used for securing the various technologies commonly in place in most organizations; CIS benchmarks have become a worldwide standard for “hardening” those technologies. And the U.S. Department of Homeland Security Build-Security-In (BSI) initiative is truly amazing: it’s an endless source of advice and guidance and needs to be visited frequently, as new items are added regularly.
Dan Swanson's Security Resources: #5
This week I wanted to highlight two significant security initiatives, the CERT resiliency engineering research project and the CERT Governing for Enterprise Security (GES) initiative. I also wanted to point out some landmark security guidance (the CIAO/IIA series) with the initial “call to action” paper being released at the White House on April 17, 2000. As always, I have also included a couple of miscellaneous resources too.
Dan Swanson's Security Resources: #20
Leadership is fundamental to success. Without leaders the organization, the project and the team will certainly founder. Project management is also a core fundamental, especially to the success of our IT and business initiatives. Without ongoing management of the complex environment in which IT and business initiatives operate, projects will be late, over budget, or fail to meet client expectations, perhaps all three. This week’s resources are focused on increasing your understanding of the importance of leadership, project management, and audit assurance. Each of these activities contributes significantly to the complex system we operate in.
Dan Swanson's Security Resources: #18
This week’s resources will help support your quality, strategy, knowledge management, and process improvement efforts. Consider sharing this leading practice information with your management and staff.
Dan Swanson's Security Resources: #1
Recently someone forwarded me a comprehensive survey of Canadian IT professionals that indicated there was a lack of information security guidance available for IT and security professionals to follow. I strongly disagree with the point of view that more guidance is needed to operate a secure environment and implement secure systems and solutions, although certainly more papers on various challenging subjects would always be beneficial.
Each week over the coming months, I plan to highlight leading security resources and initiatives that will support your efforts to improve security practices within your organization. Each column, I will highlight a half dozen leading security focused resources covering various aspects of information security management.
Finally, people learn in different ways. Some like to read, some like to hear, some like to see, some like to discuss, etc. Whichever method works for you is fine. My approach is to highlight leading resources to people and let them determine what is the best way to digest the knowledge and, more importantly, apply it in their professional efforts.
Finally, I have found considering how to apply the general guidance to the specific organizational situation is one of the best ways to obtain a deep understanding of the key concepts, methods, and recommendations being presented by the various resources. In other words — implementing change is always the best teacher.
Share this posting with your colleagues. Good luck and have a great week.
The opinions, beliefs and viewpoints expressed by the various authors and forum participants on this web site do not necessarily reflect the opinions, beliefs and viewpoints of AuditNet®

