[ISN] Book excerpt: 'The Holistic Operational Readiness Security Evaluation: HORSE Project Series'

From: InfoSec News <alerts_at_private>
Date: Thu, 8 Nov 2012 03:09:18 -0600 (CST)
http://www.csoonline.com/article/720982/book-excerpt-the-holistic-operational-readiness-security-evaluation-horse-project-series-

[Buy it: http://www.amazon.com/exec/obidos/ASIN/1468063871/infosecnews-20
or via http://www.shopinfosecnews.org/  - WK]


By Michael D. Peters
CSO
November 07, 2012

This book includes a comprehensive set of policies based on 
international standards of best practice. The global standard that comes 
closest to hitting the mark is the International Standards Organization 
(ISO) series 27001 and 27002, which replaced the former ISO 17799, all of 
which define an outline of information security policies. The policies 
contained in this book are organized based on the ISO 27001 and 27002 
frameworks. While there are still legal and technical hurdles an 
international standard must surmount, this book provides the next best 
opportunity that you have for implementing your own holistic set of 
information technology and security organizational governance policies.


The Security Trifecta

Security does not have to be complicated. I have spent my career within 
information security demystifying what for some is like understanding 
a foreign language (or like raising teenagers). The fact of the matter 
is that by taking three well-defined, pragmatic steps, we raise the bar 
and achieve success: governance documentation, technological enforcement 
and vigilant teamwork working together to promote security.

Governance Documentation: The foundation for what we do is based upon 
the written word. We collectively, collaboratively, cooperatively 
establish standards that are based upon philosophy, legal requirements, 
best practices, and regulatory demands.

Technological Enforcement: When governance documentation has been 
established, we set about implementing and enforcing those standards as 
much as possible through the use of technology. Some technology 
implementations allow the end user to exercise greater choice and 
control, whereas others strictly enforce our standards, taking the human 
choice element out of the mixture.

Vigilant Teamwork: The reality is that nothing works very well without 
teamwork. Controls and standards break down without careful tending, just 
as weeds take over our gardens without vigilance. We must regularly 
review our security standards, validating their relevancy, and we will 
remain agile to adapt to the changing business landscape, putting into 
practice carefully considered revisions to our ongoing security program.

[...]


Received on Thu Nov 08 2012 - 01:09:18 PST
