Policy Framework


A business needs a policy framework to state its values, expectations and requirements in a meaningful way.

The policy framework depends on an organization’s structure to enforce ownership of these statements appropriately.  Policy frameworks aid in understanding the enterprise by setting the ownership of policies, their associated and supporting documents and by creating a structure where these statements can be found.

Cigital’s Agile Security Manifesto


I tend to operate in accordance with the four principles of Cigital’s recent Agile Security Manifesto.

NOTE: I cannot state whether I’ve employed Cigital professionally but I have had interaction with them in my career.

These principles align with security governance, education and scaling throughout an organization versus roles in security domains taking on the burden of providing security through older methods of policing.

Another Certification – CISSP

I passed my CISSP certification exam this week and submitted my supporting documentation to my endorser and the (ISC)² to complete the process.


Many people study diligently to pass it and this exam very effectively tested my comprehension of all domains of the Common Body of Knowledge (CBK) and the resultant implications of information security.

SANS – Confusion in the Top How Many?

Enterprise Security or Secure Solution program?

While discussing the SANS Top 20 Critical Controls a couple of weeks ago I ran into some confusion with an infosec partner about the number of controls we were talking about.  He referred to the Top 25 but I know from my training and certification that there are 20 controls.

Professional Organizations – How to Connect & What They Offer

 

This podcast is for both seasoned information security professionals and those who desire a career in infosec, risk management or privacy. To that end there are agencies that can be beneficial for those at the beginning of their careers or those who are interested in more peer and community engagement.