One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 409096 |
| Date de publication | 2017-08-23 13:14:19 (vue: 2017-08-23 13:14:19) |
| Titre | NBlog August 23 - Information Security outreach |
| Texte |  Further to yesterday's ISO27k Forum thread and blog piece, I've been contemplating the idea of extending the security awareness program into an "outreach" initiative for Information Security, or at least viewing it in that way. I have in mind a planned, systematic, proactive approach not just to spread the information risk and security gospel, but to forge stronger more productive working relationships throughout the organization, perhaps even beyond. Virtually every interaction between anyone from Information Security and The Business is a relationship-enhancing opportunity, a chance to inform, communicate/exchange information in both directions, assist, guide, and generally build the credibility and information Security's brand. Doing so has the potential to:Drive or enhance the corporate security culture through Information Security becoming increasingly respected, trusted, approachable, consulted, informed and most of all used, rather than being ignored, feared and shunned (the "No Department");Improve understanding on all sides, such as identifying business initiatives, issues, concerns and demands for Information Security involvement, at an early enough stage to be able to specify, plan, resource and deliver the work at a sensible pace rather than at the last possible moment with next to no available resources; also knowing when to back-off, leaving the business to its own devices if there are other more pressing demands, including situations where accepting information risks is necessary or appropriate for various business reasons;Encourage and facilitate collaboration, cooperation and alignment around common goals;Improve the productivity and effectiveness of Information Security by being more customer-oriented - always a concern with ivory-tower expert functions staffed by professionals who think they (OK, we!) know best;Improve the management and treatment of information risks as a whole through better information security, supporting key business objectives such as being able to exploit business opportunities that would otherwise be too risky, while complying with applicable laws and regulations. |
| Envoyé | Oui |
| Condensat | virtually doing however ;improve able about accept accepting advice alignment all also always any anyone applicable approach approachable appropriate aptitude are area around arrangements aside assets assist assurance august available avoid avoiding awareness back becoming been being best;improve better between beyond blog both brand broker build business but can chance collaborating collaboration come common communicate/exchange complying concern concerns consultants consulted contemplating contingency conventional cooperation corporate could credibility culture customer cut deal deliver demands department devices directions directly down downsides early effectively effectiveness efficiently emphasize employing end enhance enhancing enough escalation especially even event every example expert exploit extending facilitate feared first: forced forge form forming forum from functions further general generally get give goals;improve going good gospel guide harming has have having help hermits idea identifying ignored impending implying improve incident including increasingly inform information informed initiative initiatives interacting interaction interactions internal investing involvement iso27k isolated issues its ivory just key know knowing last laws learn least leaving like looks lot maintaining making managed management manner:we matters may maybe measuring mentioned metrics metrics;we might mind mitigation moment more most nasty nblog necessary next not objectives off ones opportunities opportunity organization oriented other otherwise outreach own pace people perhaps persuading piece place plan planned plans pointless possible potential pressing proactive problems productive productivity professionals program put rather reasons;encourage recognize regulations relationship relationships remaining render resource resources; respected respond rest risk risks risky routes security see sense sensible share short should shunned sides situations skills specialist specify spread staffed stage story strength strong stronger such supplier support supporting sure surprises systematic systematically taking than that them there things think thinking those thread through throughout to:drive too totally tower treated treatment trusted try understanding units unproductive untreated upside used valuable value various vendors versa vice viewing warning way well what when where which who whole winner work working worth worthless; would wrong yesterday your |
| Tags | Cloud |
| Stories | APT 37 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.