Getting the Most From Information Security Investments

Data Breach Today

How to Avoid Addressing Problems 'Too Far Downstream'. Greg van der Gaast, head of information security at the University of Salford in the United Kingdom, has strong opinions on why some security investments aren't reaping maximum benefits. "We

2020 Workshop on Economics of Information Security

Schneier on Security

The Workshop on Economics of Information Security will be online this year. Register here.

Top Malware and Other Threats Tracked by Center for Information Security site

IG Guru

The post Top Malware and Other Threats Tracked by Center for Information Security site appeared first on IG GURU. Check out their threat site here.

10 Tips for Maintaining Information Security During Layoffs

Dark Reading

Insider cyber threats are always an issue during layoffs -- but with record numbers of home office workers heading for the unemployment line, it's never been harder to maintain cybersecurity during offboarding

Information Security Learn Path at Enterprise World

OpenText Information Management

Security has become job #1 for every organization and that’s especially true when it comes to Enterprise Information Management (EIM). The Information Security Learn Path at OpenText™ Enterprise World 2019 in Toronto provides practical tools and best practices for using OpenText products and solutions to secure data and information across the enterprise.

Workshop on the Economics of Information Security

Schneier on Security

Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks.

The anatomy of effective information security management

IT Governance

With the ever-increasing risks faced by every UK organisation from cyber crime, there is significantly increased pressure on every information security manager to deliver effective security. This manager and their team are expected to plan, implement and monitor suitable measures to protect confidential assets and to mitigate losses in the event of a security breach. Build your knowledge and skills in information security management.

Beyond the China Personal Information Security Specification


Organizations doing business in China should pay attention to recent action by the Cyberspace Administration of China regarding the regulation of cross-border personal information transfers. On June 13, 2019, the Cyberspace Administration of China published draft Measures on Security Assessment of the Cross-Border Transfer of Personal Information. What Is the China Personal Information Security Specification? Security Assessments.

What are the best books on information security?

IT Governance

As the risk of suffering a data breach continues to increase, information security has become a critical issue for all organisations – especially as the GDPR prescribes large administrative fines for organisations that fail to appropriately secure the personal data they process. However, information security best practice can often be challenging to understand and implement. An Introduction to Information Security and ISO 27001:2013 – A Pocket Guide.

Build a successful career in information security management with CISMP

IT Governance

With an average salary of more than £50,000 a year, you can understand why so many people are pursuing a career in information security management. The only requirement is an appropriate qualification, like CISMP (Certificate in Information Security Management Principles). Look at other qualifications that might suit you. The CISMP qualification is often enough to verify your status as an information security expert.

Nine Duties of an Information Security Professional

IG Guru

by Dr. Shuyler Jan Buitron, DCS, MSIA, CISSP, MCSE. Throughout my information technology and information security careers, I have encountered many different philosophies and ways of operating. The information security professional represents the profession wherever he/she goes. I spent some time mulling over the responsibilities of the information security professional or for the profession in […].

Priceless advice for information security managers

IT Governance

As an information security manager, you enter each day not knowing what it may bring, in spite, perhaps, of having a well-formed plan or at least a to-do list. But what all information security managers must appreciate is that there is no such thing as 100% security and you can never be 100% risk free. In Once more unto the Breach Andrea Simmons offers priceless advice for information security managers, including: Delivering a security project.

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

Artificial intelligence is an immensely helpful tool for businesses and consumers alike. How can artificial intelligence be used to secure sensitive information? By processing data quickly and predicting analytics, AI can do everything from automating systems to protecting information. In fact, keeping data secure is a significant part of what AI does in the modern world, though some hackers use technology for their own means.

Physical Fails for Information Security and Privacy

IG Guru

Physical Fails for Information Security and Privacy. August 7, 2018. Hosted by Rebecca Herold. Guest: Andrew Ysasi. Episode description: This episode covers a problem as bad today as it was decades ago and in many ways worse. Breaches caused by unauthorized access to physical forms of information: on printed […]. The post Physical Fails for Information Security and Privacy appeared first on IG GURU.

Hundreds Arrested After Cops Dismantle Encrypted Phone Network via Information Security Magazine

IG Guru

The post Hundreds Arrested After Cops Dismantle Encrypted Phone Network via Information Security Magazine appeared first on IG GURU. Check out this article here.

5 ways to improve your information security in 2019

IT Governance

Protecting your organisation against cyber crime can sometimes feel like a never ending game of security whack-a-mole. Just as soon as you’ve secured one weakness, it seems as though another vulnerability rears its head. In this post, we outline five essential ways of keeping your organisation secure. 1) Support cyber security staff. Cyber security staff often cite a lack of organisational support as their biggest concern.

How to create an information security policy

IT Governance

ISO 27001 says that you must document an information security policy. What is an information security policy? An information security policy is one of the mandatory documents outlined in Clause 5.2 of ISO 27001 and sets out the requirements of your information security management system (ISMS). Key elements of your information security policy. Help with creating an information security policy template.

Does Information Security Have a Future?

IG Guru

by Dr. Shuyler J. Buitron, DCS, MSIA, CISSP, MCSE. Even though the apparent and hopeful answer to the title question is ‘yes, information security does have a future,’ several challenges affect the future of information security, now commonly called InfoSec or cybersecurity.

Kick-start your career in information security management

IT Governance

If you’re looking to develop a career in information security, the CISMP training course is a great starting point. It provides a broad introduction to information security management upon which more technical qualifications can be built. Special offer: Receive a free copy of Information Security Management Principles – the official textbook for the CISMP qualification (RRP: £24.99) when you book this course.

What are the best books on information security?

IT Governance

And with thousands of books on information security, it can be hard to know where to begin. We’ve handpicked the best titles to better equip people looking to advance their careers in information security. An Introduction to Information Security and ISO 27001:2013 – A Pocket Guide. Written by an acknowledged expert on the ISO 27001 standard, this is the ideal resource for anyone wanting a clear, concise and easy-to-read primer on information security.

How to document your information security policy

IT Governance

With cyber security affecting businesses worldwide, it is important that all organisations have a policy in place to state and record their commitment to protecting the information that they handle. We have collated some information from Alan Calder’s Nine Steps to Success: An ISO 27001 Implementation Overview and IT Governance: An international guide to data security and ISO 27001/ISO 27002 to help you produce your own information security policy.

GDPR compliance and information security: reducing data breach risks

IT Governance

But despite organisations’ focus on this part of the Regulation, many still aren’t sure what effective security looks like or how they should achieve it. Yes, most information security experts will be able to explain what confidentiality, integrity and availability mean, but other terms, like ‘risk’, are surprisingly vague. ISO 27001 is the international standard for creating and maintaining an ISMS (information security management system).


5 ways to improve your information security

IT Governance

Organisations are always looking for ways to improve their security posture, but the process is often frustrating. As soon as they secure one weakness, cyber criminals find another one. Here are five essential ways you can keep your organisation secure. Leaders should support cyber security staff. Cyber security staff often cite a lack of organisational support as their biggest concern.

5 information security policies your organisation must have

IT Governance

How CISMP can help your information security career

IT Governance

A career in information security management is very alluring: it’s rewarding, there’s a high demand for skilled professionals and it comes with a generous salary. All you need to do to get started is gain a Certificate in Information Security Management Principles (CISMP). Those who become certified might wish to branch out into specialist areas, such as ISO 27001 or the Payment Card Industry Data Security Standard (PCI DSS).

Introducing Behavioral Information Security

The Falcon's View

The focus of the boot camp was around "behavior design," which was suggested to me by a friend who's a leading expert in modern, progress security awareness program management. Suddenly, it occurred to me, "Hey, you know what we really need is a new sub-field that combines all aspects of security behavior design, such as security awareness, anti-phishing, social engineering, and even UEBA." I recently had the privilege of attending BJ Fogg's Behavior Design Boot Camp.

Iowa and Nebraska Enact Information Security Laws

Hunton Privacy

Recently, Iowa and Nebraska enacted information security laws applicable to personal information. Iowa’s law applies to operators of online services directed at and used by students in kindergarten through grade 12, whereas Nebraska’s law applies to all commercial entities doing business in Nebraska who own or license Nebraska residents’ personal information. Operators also are prohibited from selling or renting students’ information.

Information security and compliance training for the healthcare sector

IT Governance

Furthermore, the sector depends on its workforce to provide vital care, which is only possible when information is shared and available at the point of delivery. To address the rising threat of data breaches across all sectors, new compliance requirements which aim to harmonise and improve data security practices. and healthcare must address the new DSP (Data Security and Protection) Toolkit.

7 top challenges for chief information security officers in 2020

Information Management Resources

Attackers are always growing smarter, more creative and more aggressive, and environments are always growing more complex.

China Issues Updated Draft Amendments to Information Security Technology Specification

Hunton Privacy

On October 22, 2019, the drafting group of China’s National Information Security Standardization Technology Committee (“NISSTC”) released a third set of draft amendments to the Information Security Technology – Personal Information Security Specification (GB/T 35273 – 2017) (the “Updated Draft Specification”). Data controllers shall clearly state how they handle the sensitive personal information collected for account cancellation (e.g.,

Your enterprise information security budget is too small

OpenText Information Management

The largest information security and digital risk conference in the world, RSAC 2018, recently descended on the Moscone Center in San Francisco for a packed week on all things cyber security. It was a lively conference and many of the smartest experts in the industry came together to discuss how they see the landscape around … The post Your enterprise information security budget is too small appeared first on OpenText Blogs.

How OpenText Information Security employees prevent cybersecurity threats

OpenText Information Management

The Equifax breach disclosed in September 2017 validates why Information Security is at the forefront of the mainstream media, once again. This high visibility attack comes alongside an upswing in hackers manipulating the code of … The post How OpenText Information Security employees prevent cybersecurity threats appeared first on OpenText Blogs.

Do you know the difference between cyber security and information security?

IT Governance

You often see people use the terms ‘cyber security’ and ‘information security’ interchangeably. That’s because, in their most basic forms, they refer to the same thing: the integrity and confidentiality of information. Information security. Information is at the heart of any organisation, whether it’s business records, personal data or intellectual property. There are two sub-categories of information security. Cyber security.

2019 Predictions: Information security will be given a seat at the table without asking

Thales eSecurity

Many years ago, a board member said to me, “We’ve employed you to do information security, so why do we have to do anything?” My experience in the past has been that information/cyber security professionals have often been relegated to giving advice on the threat landscape and risks, and then futilely lobbying the board for visibility and resources to put appropriate controls in place.

An Action Plan to Fill the Information Security Workforce Gap

Dark Reading

Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career

Your First Month as a CISO: Forming an Information Security Program

Dark Reading

It's easy to get overwhelmed in your new position, but these tips and resources will help you get started

Firms lack faith in information security operations centers

Information Management Resources

The top barrier to success is a lack of visibility into IT security infrastructure effectiveness, according to Ponemon survey

The 5 biggest information security concerns facing organisations

IT Governance

When implementing defences to keep data secure, organisations should rightly put a lot of effort into preventing external actors penetrating them, but as the 2018 BCI Horizon Scan Report reminds us, there are many other things to prepare for. No matter who breaches an organisation, it is typically because of a lack of technological defences and poor information security policies (or a failure to enforce them).

Information Security and Compliance Through the Prism of Healthcare and Retail


Organizations must focus strategically on how to manage digital content and understand that: 1) end-users are consuming technology differently; 2) consumer devices are being increasingly used as “on-ramps” to digital workflows; and 3) how you secure the scan and capture process becomes increasingly important. 2 -- Retail provides useful lessons in the importance of decentralized capture and the security challenges it creates.

Improve your information security with risk assessment software

IT Governance

A risk assessment is one of the first tasks an organisation should complete when preparing its cyber security policy and programme. vsRisk is an information security risk assessment software tool created by industry-leading ISO 27001 experts. It’s fully aligned with ISO 27001, the international standard that describes best practice for an information security management system, and helps you conduct an information security risk assessment quickly and easily.