[ISN] Book excerpt: 'The Holistic Operational Readiness Security Evaluation: HORSE Project Series'
[Buy it: http://www.amazon.com/exec/obidos/ASIN/1468063871/infosecnews-20
or via http://www.shopinfosecnews.org/ - WK]
By Michael D. Peters
November 07, 2012
This book includes a comprehensive set of policies based on
international standards of best practice. The global standard that comes
closest to hitting the mark is the International Standards Organization
(ISO) series 27001 and 27002, which replaced the former ISO 17799; all of
these define an outline for information security policies. The policies
contained in this book are organized according to the ISO 27001 and 27002
frameworks. While there are still legal and technical hurdles an
international standard must surmount, this book provides the next best
opportunity you have to implement your own holistic set of
information technology and security organizational governance policies.
The Security Trifecta
Security does not have to be complicated. I have spent my career within
information security demystifying what for some is like understanding
a foreign language (or like raising teenagers). The fact of the matter
is that by taking three well-defined, pragmatic steps, we raise the bar
and achieve success: governance documentation, technological enforcement
and vigilant teamwork, working together to promote security.
Governance Documentation: The foundation for what we do is based upon
the written word. We collectively, collaboratively, cooperatively
establish standards that are based upon philosophy, legal requirements,
best practices, and regulatory demands.
Technological Enforcement: Once governance documentation has been
established, we set about implementing and enforcing those standards as
much as possible through the use of technology. Some technology
implementations allow the end user to exercise greater choice and
control, whereas others strictly enforce our standards, taking the human
choice element out of the mixture.
Vigilant Teamwork: The reality is that nothing works very well without
teamwork. Controls and standards break down without careful tending, just
as weeds take over our gardens without vigilance. We must regularly
review our security standards to validate their relevancy, and we must
remain agile enough to adapt to the changing business landscape, putting
carefully considered revisions to our ongoing security program into
practice.