Tag Archives: Security Management

Security is a growing field, and with its growth come many different career options. As you gain experience in different security areas, you may choose to specialize further or move into management in that area. Some security roles include analyst, network security engineer, auditor, computer forensics examiner and penetration tester.

Analyst
Security analysts interpret security information from within the organization and from outside entities and make recommendations to management. They review security logs and data collectors for organizational systems and alert colleagues to potential threats. Some analysts work in a Network…


Gerald Wilde had a theory called risk homeostasis. This theory hypothesizes that people have a level of acceptable risk. When they perceive that there is less risk, they will take riskier actions to bring themselves back to that acceptable level, and when they perceive more risk, they will be more cautious. Information security is very concerned with managing risk and reducing it to an organizationally acceptable level. However, an organization is made up of many people, and they may each have a different level of acceptable risk than the organization does. …


ISO 27000 is a set of security standards that organizations can implement to provide an industry-recognized minimum level of security. ISO 27000 came out of BS (British Standard) 7799, originally published in 1995 in three parts. The first part of BS 7799, dealing with the best practices of information security, was incorporated into ISO 17799 and made part of the ISO 27000 series in 2000. Part two, titled “Information Security Management Systems - Specification with Guidance for Use”, became ISO 27001 and dealt with the implementation of an information…


As you laugh at my title, anticipating several paragraphs of satire, think about what I’ve just said, because I’m serious…to a degree. These traits, mostly viewed in a negative light, can also be harnessed to deliver better security solutions. Just remember that little trick of moderation. Observe.

The Paranoid: The first of these unlikely traits is paranoia. Security professionals are called to be somewhat distrustful of people and wary of their actions. The security professional’s circle of trust is limited because he or she must be watchful for suspicious or…


Many organizations use Cisco devices to interconnect, protect, filter, and manage networks, so it is important to understand ways to improve the security of these devices as part of your information security program. This article discusses three basic access controls you can implement on any Cisco device. These access controls are intended for those who are new to Cisco, so if you are a Cisco veteran, please peruse some of our more advanced articles on Cisco and information security. The three basic access controls you can implement are as…


Data Loss Prevention (DLP) is one of those terms that is often mentioned but less often defined. The term can be as ambiguous as its scope, which can be both large and small. So what is DLP and why does it matter? Data Loss Prevention (DLP) is an effort to reduce the risk of sensitive data being exposed to unauthorized persons. Data is extremely valuable to organizations. Just think of trade secrets, financial information, research data, health information, personal information, source code or credit card numbers, and you begin to understand…
