Retooling your IT security plans

Rafael Ruffolo
Published: May 28th, 2009

This week's resource selections focus on implementing a solid information security program that includes a comprehensive information security enterprise architecture.

Dan Swanson

1. Twenty Critical Controls for Effective Cyber Defense: Consensus Audit Guidelines

This consensus document of 20 crucial controls is designed to begin the process of establishing a prioritized baseline of information security measures and controls. The consensus effort that has produced this document has identified 20 specific technical security controls that are viewed as effective in blocking currently known high-priority attacks, as well as those attack types expected in the near future.
http://www.sans.org/cag/

2. Avoiding IS Icebergs

This article explores the audit’s assurance role regarding information security and outlines approaches and methodologies. As with all Secure Strategies articles, this feature is targeted to the beginner infosec professional, though more experienced practitioners will also find it useful as an update on what’s available and in use today.
http://journals2.iranscience.net:800/infosecuritymag.techtarget.com/infosecuritymag.techtarget.com/articles/october00/features3.shtml

3. CISO Strategies provides IT thought leaders with practical advice and strategic insight into the management of information systems security. Cutting-edge editorial explores the increasingly important role of IT security in protecting an organization’s intellectual property, privacy, IT infrastructure and public reputation.
http://journals2.iranscience.net:800/infosecuritymag.techtarget.com/infosecuritymag.techtarget.com/ciso.shtml

4. The SABSA Method

SABSA is a proven framework and methodology for Enterprise Security Architecture and Service Management used successfully by numerous organisations around the world. It is used globally to meet a wide variety of Enterprise needs including Risk Management, Information Assurance, Governance, and Continuity Management.
http://www.sabsa.org/the-sabsa-method.aspx

5. SANS’ Information Security Reading Room

Featuring over 1777 original computer security white papers in 73 different categories.
http://www.sans.org/reading_room/

6. Incident Management

An incident management capability is the ability to provide management of computer security events and incidents. It implies end-to-end management for controlling or directing how security events and incidents should be handled. This involves defining a process to follow with supporting policies and procedures in place, assigning roles and responsibilities, having appropriate equipment, infrastructure, tools, and supporting materials ready, and having qualified staff identified and trained to perform the work in a consistent, high-quality, and repeatable way.
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/incident/223-BSI.html