Have you implemented a security education and awareness program to help educate management and staff on their security responsibilities? Have you organized a process to communicate good practice information to your workforce, particularly to the key IT specialists that are implementing new IT solutions? Have you reached out lately to your DR and BCP professionals regarding recovery processes and plans? Could your organization recover from a significant disaster? This week’s resources provide guidance regarding all these issues and more. Enjoy. Good luck and have another great week. Dan Swanson Dswanson_2005@yahoo.com 1. Security awareness for governance, risk, compliance and business Information security is a vital element of corporate and IT governance and risk management. It minimizes risks to valuable information assets and maximizes compliance with laws, regulations and standards such as ISO 17799/ISO 27001, HIPAA, SOX, data protection/privacy, software copyright and intellectual property protection, banking industry regulations and many more. Secure organizations may confidently pursue new business opportunities that would be considered too risky by their insecure peers. Simply put, good security is good business. NoticeBored helps build a genuine security culture through security awareness http://www.noticebored.com/index.html 2. Twelve habits of successful IT professionals http://www.educause.edu/ir/library/pdf/erm0613.pdf 3. Schaser-Vartan Books’ new release, Say What You Do, spells out in layman’s terms the often bewildering differences between policies, procedures and standards — topics that have historically been written about in industry jargon. What sets the book apart is its candidly practical approach, focusing on creating policies that really work rather than pushing theories that break down in the real world. “Armed with this book, you should be able to lead a policy development project at your company from the ground up and from the top down without losing your mind,” says co-author and attorney Marcelo Halpern. http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20070417005246&newsLang=en 4. Second edition of Guide to Business Continuity Management This comprehensive resource guide reviews in detail numerous BCM areas and strategies, including an overview of the regulatory landscape, risk assessment and business impact analysis, program design, business alignment, training, testing, maintenance, and compliance monitoring and auditing. Updates to the second edition of Guide to Business Continuity Management include a special introduction that examines two significant issues in the field of BCM: the continuing difficulties caused by devastating hurricane seasons, and the potential business disruption that an avian flu pandemic could cause. Other additions include industry-specific questions for BCM programs in the manufacturing, retail, healthcare and telecommunications sectors. http://now.eloqua.com/es.asp?s=361&e=FADCF1F859DE4310969DEB6DFB1726D7&elq=54F37758B1AB48F98DD409D0C10064D7 5. The Canadian Centre for Emergency Preparedness (CCEP) CCEP is a not-for-profit organization based in Canada & devoted to the promotion of emergency risk management to individuals, communities and organizations, in both government and the private sector, with the aim of reducing the risk, impact and cost of natural, human-induced and technological disasters. CCEP's objectives are to raise awareness of the increasing risks of disasters, promote the need for sound disaster management practices and disseminate information on the availability of professional expertise and resources, including technology. http://www.ccep.ca/index.html