Protection of Systems: Working with Specialist Groups

It’s critical to your success to get involved in specialist groups that monitor and inform their members of what’s important and what’s changing in the world of information security. International organizations such as the Information Systems Security Association (ISSA) and the Information Systems Audit and Control Association (ISACA) are worth getting involved in, since they […]
Protection of Systems: Working with Risk Management

Risk management sits at the heart of everything the information security team does. As such, the information security manager should encourage the business to embed information risk management into every process it uses to deliver its products and services. Every member of staff should be encouraged (and educated) to raise threats, vulnerabilities, and risks with […]
Protection of Systems – Secure Development Business Processes

Secure Development: The information security manager’s role in systems and software development is key. You will be required to ensure that the output from any development projects running in your organization (or outsourced to a third-party development company) is secure, whether they are creating a new line-of-business application or a new infrastructure capability. “But […]
Protection of Systems – What is Malware

Introducing Malware: When we read about hacking in the news, we usually hear that massive corporates or government departments have been breached and some kind of corporate database has been stolen. We truly live in the age of the data breach, where hackers break into an organization’s infrastructure and purloin millions of records of […]
CREATING A SECURITY STRATEGY

The concept of a strategy is often used to describe the way the business will grow or develop over a long period of time with a number of specific targets it wants to achieve: grow by 30%, establish a 55% market dominance, expand into Europe or Australia, and so forth. Strategic targets are often pitched […]
Integration with Risk Management

Risk management is at the heart of everything we do in information security. The information security manager must advocate a risk-based approach for every security-related decision taken by the business, including even the simplest decisions, such as whether or not to buy a firewall for the perimeter defense or purchase some antivirus software for […]
It’s Not Just About Technology: The People Side of Digitization

Anything that can be digitized will be digitized! The process of digitization affects almost everything in today’s organizations and puts huge pressure on these to change. Therefore, it is crucial for leaders to understand the implications of digitization on their organization and employees. Digitization not only changes the way of working, it also accelerates the […]
Encourage a Culture of Security Awareness

What’s different about information security in the business as opposed to other aspects of your organization’s operation is that security becomes the responsibility of every single person. From the very top of your business, down to the very bottom, every single person has access to information that could be misused or abused if it got […]
Security in Organizational Structures

We all know that the big boss is usually the chief executive officer (CEO) or the managing director. In businesses of significant size, the CEO typically reports to a board of directors, who are responsible for providing strategic direction to the business and ensuring that the CEO stays on-target and protects their investment. Beneath the […]
Strategic Intelligence: The Core of Executive Decision Making

When people first hear the term strategic intelligence (SI), they think of military or defense intelligence. Even though the roots of SI may have been with the military, the essence of SI applies to all organizations — that is, how organizations can improve their strategic decision-making process. To help reduce this risk, executives can use […]