Leadership Solutions


Knowledge Corner - Information Protection

The Knowledge Corner offers free resources to the public to plan and manage corporate security programs. If you can't find what you're looking for, use Find it For Me!™.
Contact us if you want to know the other ways we assist security practitioners.




Tools

   

Information Protection Program: RACI Matrix  This is Security Executive Council material  

Created By: Security Executive Council
For each regulation/guideline relevant to your organization, assign the roles and responsibilities.
Resource is for Tier One Leaders only
   

Information Protection Program: Risk Assessment and Compliance Checklist  This is Security Executive Council material  

Created By: Security Executive Council
This tool and audit benchmark is designed to assess information security management practices using a framework of 102 security objectives. It is a compilation of common practices from standards (ISO 17799) and audit documentation from exemplary companies.
Resource is for Tier One Leaders only
   

Information Protection Program: Security Awareness & Training Menu and Facility Management Self-Assessment  This is Security Executive Council material  

Created By: Security Executive Council
A matrix that provides awareness and training options and an example of a self-assessment for managers.
Resource is for Tier One Leaders only

Research & Benchmarks

   Not Following Established Policy Tops List of Most Significant Threats to Information Protection This is Security Executive Council material  
Created By: Security Executive Council
An advance release of a summary of research conducted by Kennesaw State University CISE in partnership with the SEC reports that the most significant threat from internal sources was the inability/unwillingness to follow established policy. This was followed by disclosure due to insufficient training.
 
   Security Barometer - Centralized Risk Repository This is Security Executive Council material  
Created By: Security Executive Council
A centralized repository of risks provides a robust foundation for an effective risk management program. This latest Security Executive Council quick poll covering centralized risk repositories shares some enlightening results.
 
   

Security Executive Council Trend Report: Benefits and Risks of Web 2.0 in the Enterprise This is Security Executive Council material  

Created By: Security Executive Council
Enterprises are adopting Web 2.0 applications in increasing numbers to improve communication and workflow within their businesses and to improve relationships with clients. Businesses employing such applications must be prepared to face the risks that accompany them.
Resource is for Tier One Leaders only
   Threats to Information Protection This is Security Executive Council material  
An early release summary of "Threats to Information Protection 2015" provides a glimpse into the results of extensive research performed by Kennesaw State University's Center for Information Security Education (CISE) in partnership with the SEC. The summary material briefly covers the top ranked general, internal, and external threats to information protection. The research also investigated trends in staffing, changes in attack patterns and high risk technologies.
 
   Trend Research: Bring Your Own Device (BYOD) To Work This is Security Executive Council material  
Created By: Security Executive Council
This resource was developed after a Tier 1 Leader and their IT colleague looked at productivity in relation to bringing your own device (BYOD) to work (e.g., "If I had my own phone or computer, such as an Apple brand device, I could increase my productivity"). The research was then expanded to include further information on what peer corporations are doing in this area (e.g., pros, cons, must-haves, challenges, risks and liabilities).
TIER 1 LEADERS: Log-in to obtain your copy.
OTHER VISITORS: Click the title to order this SEC resource.
Resource is for Tier One Leaders only
   Using Twitter for Business Purposes This is Security Executive Council material  
Created By: Security Executive Council
In this security barometer the Council wanted to get an idea of how Twitter is being used for business purposes among our risk management leaders. We are sharing some good feedback that might be of interest to you as you consider if and how Twitter might play a role in your risk management programs.
 

Presentation Materials

   

Information Protection Program: BoD Presentation  This is Security Executive Council material  

Created By: Security Executive Council
A briefing in PowerPoint of an information protection framework to the Board of Directors.
Resource is for Tier One Leaders only

Books/Guidelines/Manuals

   IT Security Response to Misconduct Allegations This is Security Executive Council material  
Created By: John Thompson, Security Executive Council Emeritus Faculty
This guide was written for the security executive to distribute to the person who has never been in the investigative field but is most likely to directly receive reports of misconduct allegations. It is for the business professional who has never been to an introductory investigations course. The series is also useful to the security executive or law department attorney who is tasked with training professionals on what to do when they receive an allegation of wrongdoing. This book guides the non-security business professional through the investigative process up to the appropriate time to involve trained investigators.
A Tier 1 Leader item available for purchase. Visit our store.
Resource is for Tier One Leaders only
   Information Protection Playbook, 1st Edition This is Security Executive Council material  
Created By: Security Executive Council
The primary goal of the Information Protection Playbook is to serve as a comprehensive resource for information protection (IP) professionals who must provide adequate information security at a reasonable cost. Using the guidelines provided in the Information Protection Playbook, security and information technology (IT) managers will learn how to implement the five functions of an IP framework: governance, program planning, risk management, incident response management, and program administration.
TIER 1 LEADERS: Log-in to obtain your copy. OTHER VISITORS: Click the title to order this SEC resource.

Resource is for Tier One Leaders only

Articles

    Is America Building a Cyber Security Sand Castle? William Crowell, former Deputy Director of the National Security Agency, helps explain how private sector efforts coupled with public sector policies can mitigate cyber threats. This is Security Executive Council material  
Created By: Marleah Blades, Security Executive Council Staff
Security has had more than 20 years to adjust to life in the Information Age. That’s the equivalent of two or three lifetimes in high-tech years. But it seems every time we feel closest to truly securing our networks, data and information, cybersecurity once again slithers out of our reach.
    Is ERM leaving security behind? This is Security Executive Council material  
Created By: Marleah Blades, Security Executive Council Staff
Ideally, enterprise risk management (ERM) is a top-down, formal framework for identifying, prioritizing, analyzing, monitoring and managing all types of risk that an enterprise faces. It provides solid guidance for executive decision-making. It is headed by the strong leadership of a B-level or C-level officer and it enjoys the enthusiasm and involvement of the board and the entire executive team. It is founded on a clear articulation of the company’s risk appetite — aligned with business goals — that is communicated to employees at all levels. It is supported by a cross-functional management and advisory team that shares information about business unit risk.
    Protecting Intellectual Property  This is Security Executive Council material  
Created By: Security Executive Council Staff
Security professionals offer ways of ensuring the safety of your company's intellectual property.
    The Myth of Convergence  This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
I love the headline in the January 13th Network World article Debate rages over converging physical and IT security! Not one CSO or CIO was invited to the debate, and I was enthralled with the notion that converged security fits in such a tiny IT package.

Forums

   Faculty Advisor: A Holistic Information Protection Program This is Security Executive Council material  
Created By: Greg Kane, Security Executive Council Staff
My organization is about to revamp our information protection program. Can you provide any guidance as to how to make sure it’s holistic and will be embraced by all? Read Security Executive Staff member Greg Kane's answer to this question.
 
   Faculty Advisor: Web 2.0 and Business Risks This is Security Executive Council material  
Created By: David A. Meunier, Security Executive Council Content Expert Faculty
What is your perception of the risks of Web 2.0 and what businesses should consider before deploying Web 2.0 applications? Read SEC Faculty member David Meunier’s answer to this question.