This week`s resource selections focus on implementing a solidinformation security program that includes a comprehensive informationsecurity enterprise architecture.
Dan Swanson
————————————————-
1. Twenty Critical Controls for Effective Cyber Defense: Consensus Audit Guidelines
This consensus document of 20 crucial controls is designed to beginthe process of establishing a prioritized baseline of informationsecurity measures and controls. The consensus effort that has producedthis document has identified 20 specific technical security controlsthat are viewed as effective in blocking currently known high-priorityattacks, as well as those attack types expected in the near future.
2. Avoiding IS Icebergs
This article explores the audit’s assurance role regardinginformation security and outlines approaches and methodologies. As withall Secure Strategies articles, this feature is targeted to thebeginner infosec professional, though more experienced practitionerswill also find it useful as an update on what’s available and in usetoday.
http://journals2.iranscience.net:800/infosecuritymag.techtarget.com/infosecuritymag.techtarget.com/articles/october00/features3.shtml
3. CISO Strategies provides IT thought leaders with practical adviceand strategic insight into the management of information systemssecurity. Cutting-edge editorial explores the increasingly importantrole of IT security in protecting an organization’s intellectualproperty, privacy, IT infrastructure and public reputation.
http://journals2.iranscience.net:800/infosecuritymag.techtarget.com/infosecuritymag.techtarget.com/ciso.shtml
4. The SABSA Method
SABSA is a proven framework and methodology for Enterprise SecurityArchitecture and Service Management used successfully by numerousorganisations around the world. It is used globally to meet a widevariety of Enterprise needs including Risk Management, InformationAssurance, Governance, and Continuity Management.
http://www.sabsa.org/the-sabsa-method.aspx
5. SANS’ Information Security Reading Room
Featuring over 1777 original computer security white papers in 73 different categories.
http://www.sans.org/reading_room/
6. Incident Management
An incident management capability is the ability to providemanagement of computer security events and incidents. It impliesend-to-end management for controlling or directing how security eventsand incidents should be handled. This involves defining a process tofollow with supporting policies and procedures in place, assigningroles and responsibilities, having appropriate equipment,infrastructure, tools, and supporting materials ready, and havingqualified staff identified and trained to perform the work in aconsistent, high-quality, and repeatable way.
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/incident/223-BSI.html