This week`s resource selections focuses on building security intoour solutions and assessing the quality of our effort. Educatingmanagement and staff is an endless task – some resources to assist inthis important activity are also highlighted.
Have another great week.
Dan Swanson
———————————————–
The Systems Security Engineering Capability Maturity Model (SSE-CMM)
The SSE-CMM describes the essential characteristics of anorganization’s security engineering process that must exist to ensuregood security engineering.
http://www.sse-cmm.org/index.html
Improve IT Security: Educate Staff
Click here for more
Software security is a pay me now, (or) pay me later proposition.
There is ample evidence indicating that it is much more cost effective(by factors of 100:1 or more) to address a security requirements ordesign flaw (that can propagate forward into code and production) asearly in the lifecycle as possible. The same is true for a securitydefect or coding error. You can fix it during code and test or you canincur all of the costs (dollars and productivity losses) associatedwith releasing a patch into a production system. Click here for more
Making Information Systems Work program
New technology has transformed the way we interact with one another and do business.
However, as systems become ever-more complex, the challenges ofeffective implementation are greater than ever. These are challenges tothe whole business, not just IT, and require engagement from all acrossthe organization in the effective management and use of technology.
Click here for more
Auditing IT Initiatives Is a Recommended Quality Practice
Changes to a company’s information technology (IT) environment, bothinformation systems and the underlying platforms, are a source ofsignificant operational risk for every organization. To protect its ITinvestment and reduce operating risk, robust change managementprocesses are critical. Click here for more
Society for Technical Communications (STC)
STC is an individual membership organization dedicated to advancing the arts and sciences of technical communication.
http://www.stc.org/
————————————————————————-
Sentinel – IT Governance monthly newsletter
Sentinel provides free monthly updates and resources across the wholespectrum of IT governance subject matter, including Risk Management,Information Security, Compliance and much more. Click here to see the previous editions of the newsletter. To subscribe visit http://www.itgovernance.co.uk/newsletter.aspx