"If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked." - Richard Clarke - Former Special Advisor to the President on Cybersecurity.
"It is becoming clear that in the information economy failing to maintain an informed view of the level of cyber-threat will soon become an unsustainable risk for board level decision makers." - Senator Richard Alston - Australian Minister for Communication, Information Technology and the Arts.
__________________________________________________________
1. New book demystifies ISO 27001 compliance for US executives
International IT Governance: An Executive Guide to ISO 17799/ISO 27001 is written by leading IT security experts Alan Calder and Steve Watkins. ...
http://www.net-security.org/secworld.php?id=4149
With US businesses and organisations coming under intense regulatory pressure to secure their data and IT systems, a timely new management book explains in clear language how to create world-class information security management systems that address US regulatory requirements and are compliant with the new global ‘gold standard’ of information security, ISO 27001.
‘International IT Governance: An Executive Guide to ISO 17799/ISO 27001’ is written by leading IT security experts Alan Calder and Steve Watkins.
2. Alan's blog - http://alancalder.blogspot.com/
3. Dave's home page - http://staff.washington.edu/dittrich/
4. IT Needs to Make Its Case for Security.
At a recent Security Standard conference, IT security officials said that they must make a strong business case to gain funding for important projects at their firms.
http://cwflyris.computerworld.com/t/840558/21700435/33023/2/
5. Finally, various other resources are provided below.
Note - My CIO Canada web browser columns (23 of them) have been recently added to the list of resources (below).
Enjoy.
Dan
__________________________________________________________
www.securitybenchmark.com
http://finance.groups.yahoo.com/group/Dans_SECemails/
http://finance.groups.yahoo.com/group/Dans_CCCemails/
www.complianceweek.com/index.cfm?fuseactionfiltered=article.SavedSearchResults&search_ID=95
NEW - Auditor Answers: Maintaining Compliance in Home Offices.
Out of sight can’t mean out of mind when it comes to upholding policies and procedures in the home offices of your workers. What should companies do to maintain compliance standards across a distributed workforce?
http://www.itcinstitute.com/display.aspx?ID=2253
NEW - Auditor Answers: What Should Your Business Continuity Efforts Focus On?
http://www.itcinstitute.com/display.aspx?ID=2090
Auditor Answers: Software for Expediting Regulatory Audits
http://www.itcinstitute.com/display.aspx?id=1953
Measurement & Metrics Guide (MMG) - The Measurement and Metrics Guide (MMG) is designed primarily for chief compliance and chief ethics officers and will also help the directors, executives and other senior managers who are charged with governance responsibilities. The MMG will help an organization understand the issues and processes involved in evaluating and reporting on the performance of a compliance and ethics program. www.oceg.org
Auditing a compliance and ethics program. http://www.oceg.org/downloads/AuditingEthicsAndCompliancePrograms.pdf
Twenty Questions for Directors to Ask Internal Auditors - The IIA has a briefing paper to help audit committees develop a better understanding of expectations.
www.complianceweek.com/index.cfm?fuseactionfiltered=article.viewArticle&article_ID=2530
OCEG Practice Aid: Internal Audit Guide (IAG) - The OCEG Internal Audit Guide (IAG) will help directors, executives and other senior managers charged with governance responsibilities to better understand the issues and processes involved in an internal audit of a compliance and ethics program. The IAG is designed primarily for the internal auditor, but it is also useful for compliance and ethics officers, compliance directors and board members. By applying the processes and practices contained in the IAG, an organization can ensure that it has an effective compliance and ethics program in place. www.oceg.org
The Vital Need For Quality Internal Auditing
www.complianceweek.com/index.cfm?fuseactionfiltered=article.viewArticle&article_ID=2447
Achieving Operational Excellence (Tripwire Guide)
http://www.tripwire.com/files/guide/prescriptive_guide.pdf
Ask the Auditor: Who is Responsible for Information Security?
(Some thoughts and great resources)
www.itcinstitute.com/display.aspx?ID=1823
Auditing Information Security
infosecuritymag.techtarget.com/articles/october00/features3.shtml
Auditing System Conversions
www.theiia.org/ITAudit/index.cfm?act=itaudit.archive&fid=5495
Ask the Auditor: Business Risk vs. Audit Risk
http://www.itcinstitute.com/display.aspx?id=1673
__________________________________________________________
My CIO Canada monthly column - (23 columns over 30 months, from the late 90s).
Go to the following link, type in Dan Swanson as author and register (if asked):
www.itworldcanada.com/Pages/Docbase/AdvancedSearch.aspx?lid=AdvancedSearch
__________________________________________________________
Three of the individual CIO Columns are provided below
_____________________________________________
Time for Information Security Management to Go to War
http://www.itworldcanada.com/a/search/50fada7b-f1e2-42cb-