Access "Information security maturity model"
This article is part of the July/August 2010 issue of Debunking myths about the advanced persistent threat (APT)
How well do your colleagues in other departments understand what security does? If executives had to grade how well you're doing as a function supporting the business, would they know what questions to ask? Last year, Forrester Research found that roughly half of all CISO or equivalent roles reported directly to C-level executives, yet we still see a significant number of these individuals struggling to articulate how security supports the broad organization. Operational metrics and compliance reports reflect performance to some extent, although the scope of these measures is limited, and they rarely address the interests of the business. To meet these challenges, security professionals should use a framework to evaluate the process maturity of all functions for which the security organization is responsible. Measuring process maturity takes the conversation out of the technology world and presents an assessment of how well you approach your different responsibilities. For example, using COBIT maturity levels, you can assess whether your incident response ... Access >>>
Premium Content for Free.
Security response teams grapple with cloud computing security concerns
No clear answers at conference but experts urge organizations to proceed with caution.
Understanding the advanced persistent threat
Think you know all you need to know about the advanced persistent threat? We'll define APT and dispel a few myths.
- Security response teams grapple with cloud computing security concerns
Building an information security skills matrix
Your information security skills matrix – that connection between your tangible skills and personal qualities – is what separates you from your peers.
The pros and cons of security software-as-a-service
Security software-as-a-service can help organizations reduce security headaches but also can present challenges.
- Building an information security skills matrix
Information security maturity model
by Chris McClean, Contributor
Use an information security maturity model to illustrate how security supports the organization.
Three hazards to avoid in planning a career in information security
Building a career plan just might lead security professionals headfirst into some dubious challenges.
Insecure software: A never-ending saga
Insecure software has been a long-standing issue in the industry. Progress on secure software development is critical.
- Information security maturity model by Chris McClean, Contributor
More Premium Content Accessible For Free
The rapid evolution of MDM solutions
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...
Enterprise network security visibility: Beyond traditional defenses
Organizations have implemented various network security technologies to gain better visibility into their networks. However, these security ...
Compliance and risk modeling
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...