Dan’s Security Resource Educational Column (#027)
Does your organization’s leadership get it? Have you helped them understand the numerous issues involved? Are you regularly patching your technology? Would colleagues consider your organization to be “high performing”?
This podcast examines why lack of management attention to security can cost an organization millions. Leaders need to be security conscious and to treat adequate security as a non-negotiable requirement of being in business. This podcast is intended to motivate leaders to pay attention to enterprise and information security, and the risks of not doing so. It introduces two landmark examples of organizations that did not treat adequate security as a high priority. It places security in a governance context and introduces how security can be viewed as a competitive advantage. It discusses creating a culture of security, demonstrating duty of care, and determining who is ultimately responsible for security. It provides some next steps for taking action. http://www.cert.org/podcast/show/leaders.html
2. The Chicago FIRST initiative
Chicago’s premier financial services institutions formed ChicagoFIRST in July 2003. The organization seeks to enhance the resiliency of the Chicago financial community by:
- addressing homeland security issues requiring a common or coordinated response on the part of financial institutions;
- working with government agencies to better understand their approaches to various crises, including evacuations, sheltering in place, and credentialing; and
- ensuring that the public sector understands the importance of Chicago’s financial community – regionally, nationally, and globally.
3. The Center for Internet Security (CIS)
The Center for Internet Security is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. CIS members develop and encourage the widespread use of security configuration benchmarks through a global consensus process involving participants from the public and private sectors. The practical CIS Benchmarks support available high-level standards that deal with the “Why, Who, When, and Where” aspects of IT security by detailing “How” to secure an ever-widening array of workstations, servers, network devices, and software applications in terms of technology-specific controls. http://www.cisecurity.org/
4. Information Technology Standards
Mandatory Government of Ontario Information Technology Standards, Guidelines, Policies and Procedures. http://www.gov.on.ca/MGS/en/IAndIT/STEL02_047303.html
5. Government Security magazine focuses on how technology is used in defense of the Homeland. We focus on the equipment and systems used in security (physical and logical) and emergency response — especially on integrating the technology into “security solutions.” Our readers are security professionals in local, state and federal government, and those tasked with protecting the nation’s critical infrastructure. Many of our articles cover examples of successful implementations of technology in the real world. http://govtsecurity.com/
6. Draft NIST Publications (FIPS, Special Publications)
This page lists draft NIST Publications (FIPS, Special Publications) that are either open for public review and comment or waiting to be approved as final documents by the Secretary of Commerce. http://csrc.nist.gov/publications/PubsDrafts.html