This week`s resource selections focuses on building security into
our solutions and assessing the quality of our effort. Educating
management and staff is an endless task - some resources to assist in
this important activity are also highlighted.
Have another great week.
Dan Swanson
———————————————–
The Systems Security Engineering Capability Maturity Model (SSE-CMM)
The SSE-CMM describes the essential characteristics of an
organization’s security engineering process that must exist to ensure
good security engineering.
http://www.sse-cmm.org/index.html
Improve IT Security: Educate Staff
Click here for more
Software security is a pay me now, (or) pay me later proposition.
There is ample evidence indicating that it is much more cost effective
(by factors of 100:1 or more) to address a security requirements or
design flaw (that can propagate forward into code and production) as
early in the lifecycle as possible. The same is true for a security
defect or coding error. You can fix it during code and test or you can
incur all of the costs (dollars and productivity losses) associated
with releasing a patch into a production system. Click here for more
Making Information Systems Work program
New technology has transformed the way we interact with one another and do business.
However, as systems become ever-more complex, the challenges of
effective implementation are greater than ever. These are challenges to
the whole business, not just IT, and require engagement from all across
the organization in the effective management and use of technology.
Click here for more
Auditing IT Initiatives Is a Recommended Quality Practice
Changes to a company’s information technology (IT) environment, both
information systems and the underlying platforms, are a source of
significant operational risk for every organization. To protect its IT
investment and reduce operating risk, robust change management
processes are critical. Click here for more
Society for Technical Communications (STC)
STC is an individual membership organization dedicated to advancing the arts and sciences of technical communication.
http://www.stc.org/
————————————————————————-
Sentinel - IT Governance monthly newsletter
Sentinel provides free monthly updates and resources across the whole
spectrum of IT governance subject matter, including Risk Management,
Information Security, Compliance and much more. Click here to see the previous editions of the newsletter. To subscribe visit http://www.itgovernance.co.uk/newsletter.aspx
