This presentation describes the steps in performing an information security assessment – what are the critical security goals and objectives? what are the documentation requirements? how to incorporate regulatory requirements? how to gather data to support a security assessment? how to perform a gap analysis? how to create a security road map? – and discusses the lessons learnt.
This presentation guides you through a security audit from a different perspective – that of a hacker who focuses on "value" among other things.
This presentation discusses the impact of human behavior on security, how human involvement can increase the effectiveness of security solutions and how a culture of security can benefit an organization.
This paper presents a process-oriented approach to manage organizational change needed to improve information security compliance. The approach uses Business Aligned Information Security  anagement (BAISeM) and principles that have been derived from standards like ITIL, CObIT and ISO 27001. In order to illustrate the approach, the context of IT service continuity is selected as an example.
This quick introduction to information security governance also covers tips on implementing it successfully.
"This publication is designed for Certified Information Security Managers (CISMs), Chief Information Security Officers (CISOs) and information security managers to use as action steps in addressing the questions posed by the 2001 ITGI publication Information Security Governance: Guidance for Boards of Directors and Executive Management. "
This presentation discusses a framework for information security and business alignment – the extent to which the ISEC function is integrated into the rest of the business organization
This paper provides an overview of information security governance for the board of directors so "the board can provide a level of needed oversight to this vital business function that is adequate and necessary, and in doing so, exercise its essential duty of care."<br />
<br />
<span style="background-color: rgb(255, 255, 153); ">Dated Material</span>
This paper proposes a preliminary framework for information security governance that builds on the lessons of Federal Information Security Management Act (FISMA) and ISO 17799.
This presentation discusses the key findings from PricewaterhouseCoopers 2011 Global State of Information Security Survey – "In the aftermath of the worst global economic jolt in 30 years, information security confronts a new economic order: Respected – but still restrained"
