Built-in security

This week`s resource selections focuses on building security intoour solutions and assessing the quality of our effort. Educatingmanagement and staff is an endless task – some resources to assist inthis important activity are also highlighted.

Have another great week.

Dan Swanson


The Systems Security Engineering Capability Maturity Model (SSE-CMM)
The SSE-CMM describes the essential characteristics of anorganization’s security engineering process that must exist to ensuregood security engineering.

Improve IT Security: Educate Staff
Click here for more

Software security is a pay me now, (or) pay me later proposition.
There is ample evidence indicating that it is much more cost effective(by factors of 100:1 or more) to address a security requirements ordesign flaw (that can propagate forward into code and production) asearly in the lifecycle as possible. The same is true for a securitydefect or coding error. You can fix it during code and test or you canincur all of the costs (dollars and productivity losses) associatedwith releasing a patch into a production system. Click here for more

Making Information Systems Work program
New technology has transformed the way we interact with one another and do business.
However, as systems become ever-more complex, the challenges ofeffective implementation are greater than ever. These are challenges tothe whole business, not just IT, and require engagement from all acrossthe organization in the effective management and use of technology.
Click here for more

Auditing IT Initiatives Is a Recommended Quality Practice
Changes to a company’s information technology (IT) environment, bothinformation systems and the underlying platforms, are a source ofsignificant operational risk for every organization. To protect its ITinvestment and reduce operating risk, robust change managementprocesses are critical. Click here for more

Society for Technical Communications (STC)
STC is an individual membership organization dedicated to advancing the arts and sciences of technical communication.

Sentinel – IT Governance monthly newsletter
Sentinel provides free monthly updates and resources across the wholespectrum of IT governance subject matter, including Risk Management,Information Security, Compliance and much more. Click here to see the previous editions of the newsletter. To subscribe visit

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight