[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Book excerpt: 'The Holistic Operational Readiness Security Evaluation: HORSE Project Series'



http://www.csoonline.com/article/720982/book-excerpt-the-holistic-operational-readiness-security-evaluation-horse-project-series-

[Buy it: http://www.amazon.com/exec/obidos/ASIN/1468063871/infosecnews-20
or via http://www.shopinfosecnews.org/  - WK]


By Michael D. Peters
CSO
November 07, 2012

This book includes a comprehensive set of policies based on international standards of best practice. The global standard that comes closest to hitting the mark is the International Standards Organization (ISO) series 27001 and 27002 which replaced the former ISO 17799, all of which define an outline on information security policies. The policies contained in this book are organized based on the ISO 27001 and 27002 frameworks. While there are still legal and technical hurdles an international standard must surmount, this book provides the next best opportunity that you have implementing your own holistic set of information technology and security organizational governance policies.


The Security Trifecta

Security does not have to be complicated. I have spent my career within information security demystifying what for some is a like understanding a foreign language (or like raising teenagers). The fact of the matter is that by taking three well defined pragmatic steps, we raise the bar and achieve success; governance documentation, technological enforcement and vigilant teamwork working together to promote security.

Governance Documentation: The foundation for what we do is based upon the written word. We collectively, collaboratively, cooperatively establish standards that are based upon philosophy, legal requirements, best practices, and regulatory demands.

Technological Enforcement: When governance documentation has been established, we set about implementing and enforcing those standards as much as possible through the usage of technology. Some technology implementations allow for the end user to exercise greater choice and control, whereas others strictly enforce our standards taking the human choice element out of the mixture.

Vigilant Teamwork: The reality is that nothing works very well without teamwork. Controls and standards break down without careful tending just like weeds take over our gardens without vigilance. We must regularly review our security standards validating their relevancy and we will remain agile to adapt to the changing business landscape putting into practice carefully considered revisions to our ongoing security program.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org