Information Security
InformationSecurity concerns itself with the technical aspects of SecurityManagement. The migration of material (and links) from SecurityManagement is not yet complete. -- dl
This is not the normal definition. InformationSecurity is about the security of information (and as such is really what's discussed on the SecurityManagement page. (inserts reminder to self to do a little gnoming later)
Resources
People to watch in InformationSecurity industry
- BruceSchneier
- Jothy Rosenberg
a WebServicesSecurity guru, founder of GeoTrust? and author of "Securing Web Services with WS-Security" (ISBN 0672326515).
Some of his articles include:
- "Visibility and health of WebServices the missing element" at
- John Pescatore
a GartnerInc VP with expertise in matters related to SecurityManagement.
Some of his views include:
- "Enterprises need to include security costs in Platform decisions"
Industry trends and developments
- Comparative study of IT security criteria 2001
- Paid Hackers
- Phishing (see section in SocialEngineering) becoming big time at end 2004
GoogleHacking becoming important battleground in early 05
Standards related to Information security
- Comparative study of IT security criteria 2001
- NIST Computer Security Resource Center.
Evolving interface between Information security and IT Audit -- Source: DonTurnblade
-
Undesputed Roles
-
Information Security
- Identity Management
- Incident Response
- Technology hardening standards
-
IT Audit
- Escallation can skip directly to top brass.
- IT Governance standards
-
Information Security
-
Examples of VP level relationship between IT Audit and Information Security
-
Information Security is a unit inside IT Audit
- Earnst & Young
-
Informaiton Security is a peer unit beside IT Audit
- Many leading mortgage lender companies
-
Information Security is the parent unit of IT Audit
- Verisign
-
Information Security is a unit inside IT Audit
See also InfoSec, WebApplicationSecurity, NetworkSecurity