Retooling your IT security plans

This week's resource selections focus on implementing a solid information security program that includes a comprehensive information security enterprise architecture.

Dan Swanson


1. Twenty Critical Controls for Effective Cyber Defense: Consensus Audit Guidelines

This consensus document of 20 crucial controls is designed to begin the process of establishing a prioritized baseline of information security measures and controls. The consensus effort that has produced this document has identified 20 specific technical security controls that are viewed as effective in blocking currently known high-priority attacks, as well as those attack types expected in the near future.

2. Avoiding IS Icebergs

This article explores the audit’s assurance role regarding information security and outlines approaches and methodologies. As with all Secure Strategies articles, this feature is targeted to the beginner infosec professional, though more experienced practitioners will also find it useful as an update on what’s available and in use today.

3. CISO Strategies provides IT thought leaders with practical advice and strategic insight into the management of information systems security. Cutting-edge editorial explores the increasingly important role of IT security in protecting an organization’s intellectual property, privacy, IT infrastructure and public reputation.

4. The SABSA Method

SABSA is a proven framework and methodology for Enterprise Security Architecture and Service Management used successfully by numerous organisations around the world. It is used globally to meet a wide variety of Enterprise needs including Risk Management, Information Assurance, Governance, and Continuity Management.

5. SANS’ Information Security Reading Room

Featuring over 1777 original computer security white papers in 73 different categories.

6. Incident Management

An incident management capability is the ability to provide management of computer security events and incidents. It implies end-to-end management for controlling or directing how security events and incidents should be handled. This involves defining a process to follow with supporting policies and procedures in place, assigning roles and responsibilities, having appropriate equipment, infrastructure, tools, and supporting materials ready, and having qualified staff identified and trained to perform the work in a consistent, high-quality, and repeatable way.
