Information Security, InfoSec, Risk and Security Awareness

Information Security

InfoSec

Risk

Security Awareness

Assessing Third-Party InfoSec Risk Management

Security Boulevard

JUNE 14, 2023

Information security (InfoSec) risk management with third parties, including outsourcing, requires persistence and consistency due to the primary business risk it presents. Third-party managers need to have insights into a variety of areas of information security, including.

InfoSec

InfoSec Risk Information Security CISO

InfoSec Reviews in Project Management Workflows

Security Boulevard

FEBRUARY 8, 2021

I have attended numerous security conferences over the past several years, and at each one, I repeatedly hear about the importance of information security being incorporated within the planning and requirement analysis phase of the software development life cycle (SDLC). I agree – this is very important.

InfoSec

InfoSec Information Security Software CISO

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

Security Awareness Training and Human Risk Management Company AwareGO Achieves Year of Outstanding Growth

CyberSecurity Insiders

FEBRUARY 3, 2022

SAN ANTONIO–( BUSINESS WIRE )–Security Awareness Training and Human Risk Management company AwareGO today announced company milestones achieved and overall performance for 2021, including record year-over-year online revenue growth of 219%, enterprise revenue growth of 156%, and total revenue growth of 116%.

Security Awareness

Security Awareness Risk Marketing Cybersecurity

NBlog Aug 8 - musing on ISO/IEC 27014 & infosec governance

Notice Bored

AUGUST 7, 2020

This morning I've been studying the final draft of the forthcoming second edition of ISO/IEC 27014 "Governance of information security" , partly to update ISO27001security.com but mostly out of my fascination with the topic. This will support the delivery of security education, training and awareness programs.

Government

Government InfoSec Information Security Accountability

Domotics - a can-o-worms

Notice Bored

APRIL 12, 2022

This morning, I’ve been browsing and thinking about ISO/IEC 27403 , a draft ISO27k standard on the infosec and privacy aspects of “domotics” i.e. IoT things at home. Dynamics and diversity: people, devices and services plus the associated challenges and risks, are varied and changeable. Security monitoring and management (e.g.

IoT

IoT InfoSec Risk Security Awareness

The discomfort zone

Notice Bored

JULY 4, 2022

I feel more confident about the underlying generic principles of risk, compliance, conformity, obligations, accountabilities, assurance and controls though, and have the breadth of work and life experience to appreciate the next point. The mind map is a brief glimpse of the landscape, as I see it. Documented! Maintained!

Risk

Risk Accountability InfoSec CISO

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

Cedric Leighton is founder and president of Cedric Leighton Associates, a strategic risk and leadership management consultancy. Since founding Cedric Leighton Associates, he has become an internationally known strategic risk expert. Leighton is also a founding partner of CYFORIX, specializing in the field of cyber risk.

Computers and Electronics

Computers and Electronics Technology Education Information Security

Hi-5 With A CISO Dmitriy Sokolovskiy, Avid Technology

Security Boulevard

MAY 20, 2021

CybeReady’s Hi-5 brings together InfoSec leaders for peer-to-peer sharing via five short questions and insights. Dmitriy Sokolovskiy has been working in the cybersecurity space for over 14 years in dedicated security roles, in addition to 9 more years working in various IT areas.

CISO

CISO Technology InfoSec Information Security

NBlog Aug 19 - IAAC Directors' Guides

Notice Bored

AUGUST 18, 2020

Some time back I bumped into a handy management guide on information risk - a double-sided leaflet from the I nformation A ssurance A dvisory C ouncil. Regulation and Legislation - outlines directors' compliance responsibilities relating to information risk and security, privacy etc.

Risk

Risk Security Awareness Government Information Security

Hi-5 With A CISO Andrea Szeiler, Transcom

Security Boulevard

MAY 4, 2021

CybeReady’s Hi-5 brings together InfoSec leaders for peer-to-peer sharing via five short questions and insights. She held Audit and Security leadership roles in leading European companies. In 2014 she founded WITSEC, a professional group of women working in IT and Information Security […].

CISO

CISO InfoSec Information Security Cybersecurity

NBlog Aug 23 - ISMS comms plan

Notice Bored

AUGUST 23, 2020

Oh no, it's more circumspect: the standard says "the organization shall determine the need for internal and external communications relevant to the information security management system". on security awareness which is already in the plan anyway: maybe we should mention A.7.2.2 in the preamble though.

Information Security

Information Security Security Awareness Security Performance Risk

Introducing Behavioral Information Security

The Falcon's View

AUGUST 29, 2017

The focus of the boot camp was around "behavior design," which was suggested to me by a friend who's a leading expert in modern, progress security awareness program management. I concluded that maybe this sub-field would be called something like "behavioral security" and started doing searches on the topic.

Information Security

Information Security InfoSec Social Engineering Security Awareness

New data could help CISOs quantify the value of a strong security culture

SC Magazine

FEBRUARY 26, 2021

Building a security awareness training program to develop a strong infosec culture requires time and money, and chief information security officers frequently try to make a case for such an investment by citing return on investment and other metrics of success. . Christiaan Colen / CC BY-SA 2.0 ).

CISO

CISO Security Awareness Phishing InfoSec

The Business Value of the Social-Engineer Phishing Service

Security Boulevard

JUNE 18, 2021

The post The Business Value of the Social-Engineer Phishing Service appeared first on Security Boulevard. Phishing attacks continue to plague organizations across the globe with great success, but why? Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an.

Social Engineering

Social Engineering Engineering Phishing Penetration Testing

What actually drives information security?

Notice Bored

MAY 14, 2022

The 'obvious' driver for information security is information risk: valuable yet vulnerable information must be secured/protected against anything that might compromise its confidentiality, integrity or availability, right? What does management want/expect out of information security?

Information Security

Information Security Risk Healthcare Government

Cyber Security Informer

Assessing Third-Party InfoSec Risk Management

InfoSec Reviews in Project Management Workflows

Trending Sources

Security Awareness Training and Human Risk Management Company AwareGO Achieves Year of Outstanding Growth

NBlog Aug 8 - musing on ISO/IEC 27014 & infosec governance

Domotics - a can-o-worms

The discomfort zone

Meet the 2021 SC Awards judges

Hi-5 With A CISO Dmitriy Sokolovskiy, Avid Technology

NBlog Aug 19 - IAAC Directors' Guides

Hi-5 With A CISO Andrea Szeiler, Transcom

NBlog Aug 23 - ISMS comms plan

Introducing Behavioral Information Security

New data could help CISOs quantify the value of a strong security culture

The Business Value of the Social-Engineer Phishing Service

What actually drives information security?

Stay Connected