Knowledge Corner - Information Protection

The Knowledge Corner offers many resources to help you manage risk. Explore the topics offered in the navigation bar or, if you can't find what you're looking for, use Find it For Me!™

The icons shown adjacent to the titles of these resources provide information about sources.
  • blue icon = Tools, solutions, research and publications created by Security Executive Council
  • cyan icon = Materials created by Security Executive Council strategic alliance partners
  • green icon = Other material reviewed and deemed relevant to security and risk management executives by the Security Executive Council




Tools

   

Information Protection Program: RACI Matrix  This is Security Executive Council material  

Created By: Security Executive Council
For each regulation/guideline relevant to your organization, assign the roles and responsibilities.
Resource is for Tier One Leaders only
   

Information Protection Program: Risk Assessment and Compliance Checklist  This is Security Executive Council material  

Created By: Security Executive Council
This tool and audit benchmark is designed to assess information security management practices using a framework of 102 security objectives. It is a compilation of common practices from standards (ISO 17799) and audit documentation from exemplary companies.
Resource is for Tier One Leaders only
   

Information Protection Program: Security Awareness & Training Menu and Facility Management Self-Assessment  This is Security Executive Council material  

Created By: Security Executive Council
A matrix that provides awareness and training options and an example of a self-assessment for managers.
Resource is for Tier One Leaders only

Research & Benchmarks

   Not Following Established Policy Tops List of Most Significant Threats to Information Protection This is Security Executive Council material  
Created By: Security Executive Council
An advance release of a summary of research conducted by Kennesaw State University CISE in partnership with the SEC reports that the most significant threat from internal sources was the inability/unwillingness to follow established policy. This was followed by disclosure due to insufficient training.
 
   Security Barometer - Centralized Risk Repository This is Security Executive Council material  
Created By: Security Executive Council
A centralized repository of risks provides a robust foundation for an effective risk management program. This latest Security Executive Council quick poll covering centralized risk repositories shares some enlightening results.
 
   

Security Executive Council Trend Report: Benefits and Risks of Web 2.0 in the Enterprise This is Security Executive Council material  

Created By: Security Executive Council
Enterprises are adopting Web 2.0 applications in increasing numbers to improve communication and workflow within their businesses and to improve relationships with clients. Businesses employing such applications must be prepared to face the risks that accompany them.
Resource is for Tier One Leaders only
   Threats to Information Protection This is Security Executive Council material  
An early release summary of "Threats to Information Protection 2015" provides a glimpse into the results of extensive research performed by Kennesaw State University's Center for Information Security Education (CISE) in partnership with the SEC. The summary material briefly covers the top ranked general, internal, and external threats to information protection. The research also investigated trends in staffing, changes in attack patterns and high risk technologies.
 
   Trend Research: Bring Your Own Device (BYOD) To Work This is Security Executive Council material  
Created By: Security Executive Council
This resource was developed after a Tier 1 Leader and their IT colleague looked at productivity around the topic of BYOD to work (e.g., "if I had my own phone or computer, such as an Apple brand device, I could increase my productivity"). The research was then expanded to include further information on what peer corporations are doing in this area (e.g., pros, cons, must-haves, challenges, risks and liabilities).
Resource is for Tier One Leaders only
   Using Twitter for Business Purposes This is Security Executive Council material  
Created By: Security Executive Council
In this security barometer the Council wanted to get an idea of how Twitter is being used for business purposes among our risk management leaders. We are sharing some good feedback that might be of interest to you as you consider if and how Twitter might play a role in your risk management programs.
 

Presentation Materials

   

Information Protection Program: BoD Presentation  This is Security Executive Council material  

Created By: Security Executive Council
A briefing in PowerPoint of an information protection framework to the Board of Directors.
Resource is for Tier One Leaders only

Books/Guidelines/Manuals

   IT Security Response to Misconduct Allegations This is Security Executive Council material  
Created By: John Thompson, Security Executive Council Emeritus Faculty
This guide was written for the security executive to distribute to the person who has never been in the investigative field but is most likely to directly receive reports of misconduct allegations. It is for the business professional who has never been to an introductory investigations course. The series is also useful to the security executive or law department attorney who is tasked with training professionals on what to do when they receive an allegation of wrongdoing. This book guides the non-security business professional through the investigative process up to the appropriate time to involve trained investigators.
A Tier 1 Leader item available for purchase. Visit our store.
Resource is for Tier One Leaders only
   Information Protection Playbook, 1st Edition This is Security Executive Council material  
Created By: Security Executive Council
The primary goal of the Information Protection Playbook is to serve as a comprehensive resource for information protection (IP) professionals who must provide adequate information security at a reasonable cost. Using the guidelines provided in the Information Protection Playbook, security and information technology (IT) managers will learn how to implement the five functions of an IP framework: governance, program planning, risk management, incident response management, and program administration.
Resource is for Tier One Leaders only

Articles

    2011 Annual Report for the Security Executive Council  This is Security Executive Council material  
Created By: Security Executive Council
This year's report covers activities, initiatives and resources in a three page condensed document. The information may be used to learn the kinds of support the SEC can offer you as well as a glimpse into what its members are tackling.
    A Risk Management Perspective on How Security in Cloud Computing is Different from Security in Outsourced Services  This is Security Executive Council material  
Created By: Security Executive Council Staff
Security professionals compare and contrast the challenges facing cloud computing vs. outsourcing.
    Confronting Global Risk  This is Security Executive Council material  
Created By: Francis D’Addario, Security Executive Council CSO Emeritus
Collective knowledge, common purpose, and intelligent action are fundamental stepping stones for global risk mitigation. To that end, the Overseas Security Advisory Council (OSAC) convened stakeholders in Washington, DC, on November 18 and 19, 2009. Those gathered for the 24th annual briefing, hosted by co-chairs Jeffrey Culver, U.S. State Department director of diplomatic security service, and David Schrimp, 3M’s director of corporate security services, took away a valuable experience. 
    Is America Building a Cyber Security Sand Castle? William Crowell, former Deputy Director of the National Security Agency, helps explain how private sector efforts coupled with public sector policies can mitigate cyber threats. This is Security Executive Council material  
Created By: Marleah Blades, Security Executive Council Staff
Security has had more than 20 years to adjust to life in the Information Age. That’s the equivalent of two or three lifetimes in high-tech years. But it seems every time we feel closest to truly securing our networks, data and information, cybersecurity once again slithers out of our reach.
    Is ERM leaving security behind? This is Security Executive Council material  
Created By: Marleah Blades, Security Executive Council Staff
Ideally, enterprise risk management (ERM) is a top-down, formal framework for identifying, prioritizing, analyzing, monitoring and managing all types of risk that an enterprise faces. It provides solid guidance for executive decision-making. It is headed by the strong leadership of a B-level or C-level officer and it enjoys the enthusiasm and involvement of the board and the entire executive team. It is founded on a clear articulation of the company’s risk appetite — aligned with business goals — that is communicated to employees at all levels. It is supported by a cross-functional management and advisory team that shares information about business unit risk.
    Maintaining Security Employee Training When Faced With a Tight Budget  This is Security Executive Council material  
Created By: Security Executive Council Staff
Security professionals offer solutions for keeping security staff up-to-date despite budget restraints.
    Network protection for security systems  This is Security Executive Council material  
Created By: Ray Bernard, Security Executive Council Subject Matter Expert Faculty
Networked security systems have a variety of vulnerabilities, and even standalone systems are not vulnerability-free. Security system networks can also have unique vulnerabilities that do not occur with business networks. The questions below were posed during a tech lab at ISC West around best practices for protecting IP-based security systems (www.BPforIP.com), where you can download two white papers relating to this topic. In this issue's column, I'm posing questions for you, the reader, to answer.
    Protecting Companies from Identity Theft This is Security Executive Council material  
Created By: Marleah Blades, Security Executive Council Staff
SEC member Tony Heredia of Target and emeritus faculty Dick Lefler discuss how the data breach is changing how corporations look at what used to be mainly a consumer problem. From the June 2008 issue of ST&D magazine.
    Protecting Intellectual Property  This is Security Executive Council material  
Created By: Security Executive Council Staff
Security professionals offer ways of ensuring the safety of your company's intellectual property.
    The Myth of Convergence  This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
I love the headline in the January 13th Network World article Debate rages over converging physical and IT security! Not one CSO or CIO was invited to the debate, and I was enthralled with the notion that converged security fits in such a tiny IT package.

Forums

   Faculty Advisor: A Holistic Information Protection Program This is Security Executive Council material  
Created By: Greg Kane, Security Executive Council Staff
My organization is about to revamp our information protection program. Can you provide any guidance as to how to make sure it’s holistic and will be embraced by all? Read Security Executive Staff member Greg Kane's answer to this question.
 
   Faculty Advisor: How Some Organizations Approach Information Assurance This is Security Executive Council material  
Created By: Herbert J. Mattord and Dr. Mike Whitman
Have you observed any changes or shifts in the way leading organizations are approaching IT and information assurance? Read Mattord and Whitman's response to this question.
 
   Faculty Advisor: Web 2.0 and Business Risks This is Security Executive Council material  
Created By: David A. Meunier, Security Executive Council Content Expert Faculty
What is your perception of the risks of Web 2.0 and what businesses should consider before deploying Web 2.0 applications? Read SEC Faculty member David Meunier’s answer to this question.