http://www.infosectoday.com Information Security Today (www.infosectoday.com) provides essential information for managing the security of a modern, evolving enterprise. It is written for information security managers and other technical managers and staff who are the first-line support responsible for the daily, efficient operation of security policies, procedures, standards, and practices. It covers access control systems and methodologies; computer operations security; application and systems development; business continuity and disaster recovery planning; telecommunications and network security; security architecture and models; physical security; cryptography; security management practices; law, investigations, and ethics. en-us Mon, 30 Aug 2010 08:30:00 EST The adaptive security management architecture (ASMA) seeks to take advantage of existing security practices and build upon them to promote the value of security to the business and to ensure a meaningful security posture. The ASMA is as much about the business and the security organization operating as a business unit as it is about security, risk, and compliance. There are many facets to the ASMA to achieve this. Moreover, the characteristics of the ASMA provide clear visibility into operations and security that ultimately translate to adaptability and enabling the business. This excerpt explains how ASMA closes the gap between business needs and security needs and redefines security in the eyes of the business to be seen as a valuable, enabling force. http://www.infosectoday.com/Articles/Adaptive_Security_Management_Architecture/Adaptive_Security_Management_Architecture.htm rich.ohanley@taylorandfrancis.com Mon, 30 Aug 2010 08:30:00 EST While your organization's marketing and sales teams attempt to leverage security as a market differentiator, information security leadership faces the daunting challenge of "doing more with less." This chapter sets out the benefits and provides a business case for an information security management system (ISMS) that conforms to the ISO 27001 standard. http://www.ittoday.info/Articles/ISO_27001_Certification.htm rich.ohanley@taylorandfrancis.com Mon, 23 Aug 2010 08:30:00 EST Filled with first-hand practitioner insights in implementing ITIL in a number of large organizations across industries, Ahmad K. Shuja discusses the key challenges organizations experience as they try to leverage ITIL V3 to achieve desired transformations and approaches that they adopted to address those challenges. The text explains the key components needed to successfully implement, operate, and optimize ITIL service management. The book includes implementation patterns, detailed plans for each of the patterns, and templates and checklists to facilitate the implementation of your transformational efforts. http://www.crcpress.com/product/isbn/9781420089394 rich.ohanley@taylorandfrancis.com Mon, 23 Aug 2010 08:30:00 EST In this article, the authors provide some practical guidelines for virtual team leaders to help discern when team members need direction, support, or a combination--and how best to provide what team members need. http://www.infosectoday.com/Articles/Adaptive_Threats_and_Defenses.htm rich.ohanley@taylorandfrancis.com Mon, 16 Aug 2010 09:30:00 EST The survival of living organisms is often dependent on their ability to compensate for changes in their environment. The ability of an organism to compensate for changes encountered is referred to as adaptation. Predominately, the methods of adaptation involve changes in the organism's behavior, physical characteristics, or both. Some creatures are able to learn new skills or tricks that allow them to cope when changes occur. In other cases an organism might undergo a genetic mutation that provides it with a slight advantage over its rivals allowing it to survive better given the changed conditions. Adaptation can also occur with the combination of altered behaviors and new mutations. The ability to adapt is also exhibited in the cyber realm by threats and defenses. This article is primarily focused on the adaptability of attacker malware and defender security tools. http://www.infosectoday.com/Articles/Adaptive_Threats_and_Defenses.htm rich.ohanley@taylorandfrancis.com Mon, 09 Aug 2010 10:30:00 EST For project managers, the balanced scorecard is an invaluable tool that permits the project manager to link a project to the business side of the organization using a "cause and effect" approach. Some have likened balanced scorecard to a new language, which enables the project manager and business line managers to think together about what can be done to support or improve business performance. This chapter examines the fundamentals of balanced scorecard as it relates to the precepts of project management. It examines the balanced scorecard in relationship to the organization and the people, processes, technologies, and products that are components of discrete projects, programs, and collaborative efforts. http://www.ittoday.info/Articles/Balanced_Scorecard_and_Project_Manager.htm rich.ohanley@taylorandfrancis.com Mon, 02 Aug 2010 11:50:00 EST ITIL is a set of best practices built around a process model-based view of controlling and managing IT operations. ITIL is considered one set of best practices in the more general field of ITSM. It is important to remember that ITIL is truly a library of books. The architecture of ITIL can be thought of as the structure imposed by the titles of the books that describe the best practices. Alternatively, the architecture can be thought of as the set of practices that make up the life cycle that ITIL describes. http://www.itperformanceimprovement.com/Articles/NS-Virtual_Relationships_Require_Real_Conversations.htm rich.ohanley@taylorandfrancis.com Mon, 12 Jul 2010 08:30:45 EST This guide gives you a starting point and an all-in-one resource for building an awareness program for your organization. Rebecca Herold applies knowledge obtained through her work in education, creating a comprehensive resource of nearly everything involved with managing an infosec and privacy training course. This book includes examples and tools from a wide range of businesses, enabling you to select effective components that will benefit your organization. You'll progress from the inception of an education program through development, implementation, delivery, and evaluation. http://www.crcpress.com/product/isbn/9781439815458 rich.ohanley@taylorandfrancis.com Mon, 12 Jul 2010 08:30:45 EST Can you build a trusting relationship when you've never had an actual conversation? (And no, IM, email, text, Twitter and blog "conversations" don't count!) While it may be possible, it's pretty unlikely. Most business conversations tend to focus on tasks and priorities, whether to review the progress of a current project, delegate actions or make decisions. To build relationships, a certain kind of conversation needs to take place that goes beyond the usual checklist review or status report. While this type of conversation requires more effort, it's almost impossible to collaborate successfully without it. This article offers guidelines to create opportunities for conversations expressly designed to build relationships. http://www.itperformanceimprovement.com/Articles/NS-Virtual_Relationships_Require_Real_Conversations.htm rich.ohanley@taylorandfrancis.com Tue, 06 Jul 2010 09:12:45 EST Organizations need to keep information such as employee personnel records, financial statements, contracts and leases, and more. Given the vast amount of paper and digital media that amasses over time, effective information destruction policies and practices are now a necessary part of doing business and will likely save organizations time, effort and heartache, legal costs as well as embarrassment and more. In today's litigious environment, there are a plethora of aggressive lawyers that would love to devour your organization for failure to take due care around document and media destruction. This article looks at the key areas to ensure that your organization does not fall prey to such lawyers when it comes to the physical destruction of documents and records. http://www.ittoday.info/Articles/Destruction_Requirements.htm rich.ohanley@taylorandfrancis.com Mon, 28 Jun 2010 08:30:45 EST Many of the software books available clearly highlight the problems with current software development but don't provide comprehensive, easily actionable, ground-level solutions. Covering the entire secure software development life cycle that ties all development together, this book presents quality software development strategies and practices stressing resilience requirements with precise, actionable, and ground-level inputs that connect directly with their creators. The text helps developers understand fundamental problems and provides them with best practices, principles, design methodology, programming guidance, and testing practices. http://www.crcpress.com/product/isbn/9781439826966 rich.ohanley@taylorandfrancis.com Mon, 28 Jun 2010 08:30:45 EST Most everyone outsources some part of their technology operation for all sorts of good-and occasionally bad-reasons. There's a reason why the IT services industry is clipping along at well over $1B per day in the United States alone. More and more companies have discovered the benefits of outsourcing relative to the recruitment and maintenance of large internal IT staffs. In the early years, we all thought outsourcing was about saving money, but then we discovered the truth: outsourcing it not only about saving money, but it's about rerouting money from non-core to core activities. http://www.ittoday.info/Articles/Core_IT_Competency.htm rich.ohanley@taylorandfrancis.com Mon, 21 Jun 2010 10:30:45 EST A variety of laws and regulations have surfaced over the past decade in an attempt to strengthen the security of information stored within the companies to which the information assets are entrusted. As a result of these laws and regulations, various security control "standards" and "frameworks" have evolved and become popular means to meet the requirements of the laws. Because laws and regulations are intentionally developed at a higher, "what needs to happen" level vs. the "how to secure the information" level, the standards and control frameworks become valuable tools to ensure that security is planned, organized, implemented, tested, and monitored. http://www.infosectoday.com/Articles/Control_Frameworks_for_Compliance.htm rich.ohanley@taylorandfrancis.com Mon, 14 Jun 2010 11:30:45 EST Watch as Jim Tiller talks with Steve Fried about mobile device security at Infosecworld 2010. http://www.ittoday.info/Video/Fried_MDS_Interview.mp4 rich.ohanley@taylorandfrancis.com Tue, 01 Jun 2010 15:30:45 EST Explaining how mobile devices can create a backdoor to security threats, this book details actions that can be taken to defend against these threats. It defines the concepts essential to understanding the security threats to contemporary mobile devices, and takes readers through the policy, process, and technology decisions that must be made. Highighting the risks inherent when mobilizing data, the text supplies a proven methodology for identifying, analyzing, and evaluating these risks. It examines the methods used to store and transport mobile data and illustrates how the security of that data changes as it moves from place to place. http://www.crcpress.com/product/isbn/9781439820162 rich.ohanley@taylorandfrancis.com Tue, 01 Jun 2010 08:30:45 EST