An in-depth discussion on cybersecurity as an executive issue and creating a strategy that aligns with business strategy.
This presentation provides a basic overview of threats facing organizations and how to deal with them. A very good introduction to basic concepts in information security.
This paper proposes a framework that is based upon the integration of COBIT and the Balanced Scorecard frameworks. This new framework plugs key gaps in each framework, aligns business with IT, and improves audit capabilities. Excellent Read! (100 pages)
This IT Governance guide provides a template to understand and strengthen controls over information technology. It focuses on IT Security and related areas.
This presentation introduces information technology governance and information security governance and key concepts related to them: What is IT governance? What is IT security governance? What is the IT security governance framework? What are some leading practices in implementing IT security governance?
This document provides guidance on applying the IT Security Assessment Framework, which establishes five levels of standardized security status and criteria, by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provides control objectives and techniques that can be measured for each area. (100 pages)
This document provides guidance on integrating IT security and IT Investment Management processes. Applying funding towards high-priority security investments supports the objective of maintaining appropriate security controls, both at the enterprise-wide and system level, commensurate with levels of risk and data sensitivity. This paper introduces common criteria against which managers can prioritize security activities to ensure that corrective actions are incorporated into the capital planning process to deliver maximum security in a cost-effective manner. (70 pages)
This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate nonproductive controls. It explains the metric development and implementation process and how it can also be used to adequately justify security control investments. The results of an effective metric program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports. (100 pages)
This presentation introduces the Common Criteria Evaluation and Certification Scheme, or CCS – an independent evaluation and certification service for measuring the security assurance and functionality claims of Information and Communications Technology (ICT) products and systems. What is it? Why is it important to you?
This presentation provides an overview of cyber forensics: What is forensics? What is cyber forensics? Who uses cyber forensics? What are the skills needed for cyber forensics?