Planning

Business Continuity Management Program BCM (part 2)

Published on 18 September, 2013 - 16:45 by annieboulanger | Tags: Planning
As a follow-up to the Business Continuity Management program article, here is a more detailed description of the objectives and content of the development and implementation phase of the Business Continuity Plan (BCP) for major incidents. This plan is in fact a set of plans comprising the following main components:
Emergency action plan and damage assessment
This is a response plan to deal with activity-disrupting incidents. It aims, in the following order, to ensure the health and safety of...

Cloud Computing

Published on 17 May, 2013 - 10:07 by annieboulanger | Tags: Cloud computing, Planning
By Patrick Paradis, Information Security Advisor
Cloud computing offers undeniable benefits to businesses, such as cost optimization, improved service levels and the use of on-demand services. However, cloud computing also entails significant security issues, such as the confidentiality of information. According to the National Institute of Standards and Technology (NIST), cloud computing is defined as “a model for enabling convenient, on-demand network access to a shared pool of configurable...

Secure Behavior in the Office

Published on 29 April, 2013 - 08:52 by annieboulanger | Tags: clean desk policy, information security, office security, Planning, secure behavior
By Philip Veilleux, Information Security Advisor
Nowadays, information security is a very common term in the business world. Previously, security was simply a matter of installing a firewall to protect a corporate network by adding barriers to prevent intruders from accessing it. In the last few years, information has become electronic, or should I say virtual, in its primary form. What used to be in hard copy or paper form is now stored, processed and transferred electronically, which makes...

Management of technical vulnerabilities

Published on 10 April, 2013 - 11:47 by annieboulanger | Tags: information security, management, Security Awareness, technical vulnerability management, Planning
By Patrick Paradis, Information Security Advisor
Technical vulnerabilities are weaknesses in operating systems or software. Exploiting a vulnerability can allow an attacker (e.g. a hacker) or malicious code to increase their access privileges in order to perform malevolent acts. It is therefore important to install security patches (software updates) as soon as possible to eliminate existing vulnerabilities. For individuals, it is recommended to enable security patches to be installed...

Efficient follow-ups to ramp-up your awareness campaign

Published on 10 June, 2011 - 15:23 by annieboulanger | Tags: Marketing and Communications, Planning
Problem: One of the recurrent questions asked is: How to ramp up an information security campaign? Sometimes, getting the participation of people just feels like a walk in the desert… Where is everybody!? The question is complex as there are many...

End users can't be TRAINED

Published on 31 January, 2011 - 00:35 by Terranova | Tags: Courses, PCI DSS, Section 12.6, Planning
I believe all security awareness trainers understand that most end users can’t really be “trained” in how to protect their systems and their corporate networks. However, if all systems are security protected and configured, security awareness training can assist in helping end users understand the security risks and know what mistakes to avoid making. PCI DSS is primarily focused on technological solutions and most organizations have implemented anti-virus, firewalls, IPS, monitoring and...

Building the business case #6

Published on 20 December, 2010 - 10:56 by Terranova | Tags: business case, costs vs benefits, measurement, Planning
Arguably, the most important part of your business case is being able to clearly communicate the costs and benefits of a program. Below is a suggestion for this final part of your business case.
Cost-Benefit Analysis
Costs: To fulfill the required mandate for a security awareness training program, we will need to allocate resources and purchase materials for this purpose. To ensure the program’s success on a long-term basis, we are requesting that a Security Awareness Training Manager be...

Building the business case #5

Published on 15 November, 2010 - 23:26 by Terranova | Tags: business case, measurement, metrics, program delivery, program plan, Planning
This blog entry provides you with a possibility for Section 5 of your business case, in which you should discuss how the program will be managed and measured.
Security Awareness Program Management
An information security awareness steering committee will govern the program and will be ultimately responsible for ensuring the program’s success. Yearly, the business case will be reviewed and updates made by the committee. The committee will be responsible for appointing the manager of the...

Building the business case #4

Published on 2 November, 2010 - 22:37 by Terranova | Tags: business case, communication plan, online training, reinforcement tools, Planning
Further building of the business case should include a review of how you will deliver the awareness program. This blog could be included as Section 4 of your business case.
Delivery Methods
The method of delivery will be dependent upon the overall goals and expectations of the program. Delivering content monthly would be ideal. However, more realistically, content will be delivered on a quarterly basis. An approach that combines communication of the upcoming training topic (via posters,...

Building the business case #3

Published on 13 October, 2010 - 22:36 by Terranova | Tags: awareness content, business case, communication, Planning
As a follow-up to the last post, we are now working on Section 3 of the business case. In this section we review and detail the awareness program content. Here is the suggested sample content for this section:
Awareness Program Content
A robust content list fed to the end user on a monthly or quarterly basis will avoid information overload and will allow flexibility in the program, so that current information security risks can be addressed immediately. A monthly or quarterly...