This week’s resource selections looks at resiliency, security education and awareness, risk management, and “process”.
Each subject is critical in implementing an effective information security program!
How are your efforts going?
Finally, I’d be very interested in hearing what your information priorities are, please drop me a note at [email protected]
Have another great week.
Dan Swanson
Making information security everybody’s business!Continuous security awareness programs are very beneficial – Information security is a vital element of corporate and IT governance and risk management. Secure organizations confidently pursue new business opportunities that would be too risky for their insecure peers. Simply put, good security is good business.
CERT Resiliency Management Model Being ReleasedCERT has begun releasing individual process areas of the CERT Resiliency Management Model, version1.0, a capability model for operational resiliency management.
Improving Corporate Risk Management!Has your organization completed a comprehensive review of its corporate risk management practices lately? Richard Anderson new study regarding leading practices to adopt would be a great place to start.
Extensible Business Reporting Language (XBRL) (2009)Filing financial statements in XBRL format has become a regulatory mandate for many companies across the globe. Management and internal auditors should understand the value it brings throughout the entire compliance and reporting process — from the initial transaction at the business-unit level, to the release of the group financial statements or management report.
Summer issue of MIT Sloan Management ReviewMIT Sloan Management Review aims to be the most trusted source of useful and innovative ideas for business leaders, in print and online.
Technology does not fix processPeople are drawn to IT by a fascination with complex technology. This is most unfortunate because this fascination blinds so many of us to the importance of the People/Process/Product trilogy. Change and Configuration Management are processes. If the process is working, they collect and maintain good configuration data (in a repository that you can call a CMDB if you insist). If the process is broken technology is not going to fix it. Bang your head hard against the desk while repeating five times “technology is not going to fix it”.
