You are viewing 'information security'
15 steps for a successful implementation
Implementing an ISO 27001, and subsequently ISO 27002 Information Security Management System (ISMS) is no small feat. It is a daunting task, disruptive to your organization and can also upset employees with necessary changes. How can your organization effectively implement a robust and successful security program?
The first step in determining whether your organization is ready for an ISMS is to ask, how will we benefit from this? Security professionals often overlook this step, but it is critical and can really encourage management's support of the program. It is not financially viable to pursue something that will not at some point increase the bottom line. Discuss whether your organization will retain or acquire customers based on the strength of the security program. Your organization may also experience a competitive market advantage or improve its reputation after implementation. Furthermore, not implementing a program could cause your organization to lose revenue,... read more >
Why problem management is important to security
Well, it is now official; I am writing my first blog post. As the Regional Chief Information Security Officer for the Americas here at NTT Security, I felt it important to share with you a perspective that I have gained from my extensive experience with information and physical security, combined with my recent experience with the Information Technology Infrastructure Library (ITIL), and more specifically problem management. ITIL defines problem management as “The process responsible for managing the lifecycle of all problems. Problem management proactively prevents incidents from happening and minimizes the impact of incidents that cannot be prevented” (Steinberg, Rudd, Lacy, and Hanna, 2011). Well, then, what is a problem defined as? ITIL would tell us that a problem is “a cause of one or more incidents. The cause is not usually known at the time a problem record is created, and the problem management process is responsible for further investigation”... read more >
Is your information security program ready to go pro?
It is officially the start of my favorite time of the year: football season. College and NFL seasons are kicking off in September, which means the next 20 or so weekends will be filled with football.
So why am I talking about football? In the blog today, I’ll be comparing a common framework, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, to my favorite sport, football. Using comparisons when talking about security can be a powerful tool in helping to break down complex topics and make a technical problem easy to understand.
For a little background, below is a brief description of the NIST Cybersecurity Framework, from their website:
Created through collaboration between industry and government, the voluntary Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible,... read more >
Learning from a Mentor
In information security, there are so many career niches, so many new information security topics and technologies and so many evolving cyberattacks and breaches. To keep up with the rapidly changing information security field, you can never stop learning. One fantastic method to become more educated is to find a mentor.How do you find a good mentor?
A good mentor is someone who has patience and is able to explain complex topics in a multitude of different ways to ensure everyone is able to understand. One of the best places to look for a mentor is at your current place of employment. Many people have senior individuals where they are employed that have been in the field for years and can explain highly complex topics. If there is a senior person where you work, try asking them if you can shadow them when they perform specific tasks that you want to learn more about. You can also ask if they can set aside time on a weekly or monthly... read more >
Becoming a Mentor
Over the last couple of weeks, I have become more involved with training and education as it relates to the information security realm. Finding myself thinking more and more about the need for advancing information security knowledge, I've realized how important becoming a cyber security mentor is to those in need.
Those of us who are more senior and have deep expertise and firm grasp on the concepts and practices relating to information security, have the ability to help others in our field. By becoming a mentor, you can share your security knowledge, help others learn and develop their own skills, create a larger population of skilled people, and ultimately help advance the overall knowledge level in the field.
Mentoring works because it lets one learn from the other person’s successes and – yes – failures. Being a mentor can take a formal route. You can, for example, be an instructor at a college, university, or technical school. You... read more >