It’s critical to your success to get involved in specialist groups that monitor and inform their members of what’s important and what’s changing in the world of information security. International organizations such as the Information Systems Security Association (ISSA) and the Information Systems Audit and Control Association (ISACA) are worth getting involved in, since they run regular education sessions and webinars relating to modern or emerging security issues affecting today’s businesses.
In the United Kingdom, the British Computer Society (BCS) offers members a specialist group dedicated to information security, called the ISSG. The ISSG sends alerts to members detailing new security issues, threats, and new technologies from vendors that are worth knowing about. There are many such bodies around the world, and it’s well worth subscribing your information security team to these sorts of alerts, as well as other sources of such intelligence.
The information security team should pass on specialist advice and guidance to anyone in the organization who needs to know about it. For example, if you receive an alert from Microsoft on a new critical security flaw in SQL Server, you need to pass that on to the database team to assess prior to working up a mitigation strategy.
Every member of your information security team should aspire to keep up to date on industry trends, changes to organizational threats, new control measures, new methodologies for analysis of risk, changing legislative or compliance requirements, and the latest developments in technology. This should be actively encouraged by you, as the information security manager.