How to Share Best Security Practices


How to Share Best Security Practices
Urpo Kaila, EUDAT Security Officer
urpo.kaila@csc.fi, security@eudat.eu
WISE Workshop for Information Security for E-infrastructures, 2015-10-22, Barcelona
This work is licensed under the Creative Commons CC-BY 4.0 licence. Attribution: EUDAT www.eudat.eu
EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-infrastructures. Contract No. 654065
www.eudat.eu

Standard Building Blocks of Information Security
Several frameworks are available.
Confidentiality, Integrity, Availability
Security and Risk Management
Governance & ITSM
Asset Management
Access Controls
Computer Security
Network Security
Operational Security
Software and Service Development Security
Security Reviews and Testing
Assets -> Risks -> Controls -> Metrics

Different kinds and levels of security skills
Auditors
Directors
IT Security Managers
Administrators, Operators
Programmers
IT Support
Service Managers
Users
Experts on technical security
Security Managers, Operating Engineers

Well-known legacy professional security skills definitions and certifications
Security Management: (ISC)² CBK, ISACA COBIT, PECB
Generic: CISSP, CISM, GCED, GCIH, GSNA
Technical Security: SANS, CEH BoK
Vendor specific (includes security): MTA, RHCSE

How do you measure security skills?
By bragging? By experience? CV? By trainings obtained? By certifications achieved?
Skills certifications are standard requirements in the private sector.
Obtaining and maintaining such certification is somewhat expensive.
A certification shows that a person knows at least the basics of the trade; it does not prove that the person is a senior professional, which requires more experience.

A common problem with generic security skills and security guidelines
It is difficult to apply them efficiently in your organisation.
Proceed from outlining to implementation.

How can skills become practice?
The principles and theoretical skills must be adapted to your context in a reasonable and efficient way.
Best practices should be implemented.
Definition (Wikipedia): A best practice is a method that has consistently shown superior. Best practices are used to maintain quality and can be based on benchmarking. Best practices are a feature of many accredited management standards.

How could implementation be easier?
Necessary prerequisites: skills, management support, a plan with check-ups, leadership (it will not just happen).
Share experiences on how to implement with your peers; also cover confidential/sensitive information.
Informal information is often more crucial than formal documents.
Apply the Chatham House rule.
One size does not fit all.

A successful track record
I've had rewarding experiences in sharing best practices with several government agencies, private companies, NRENs, universities and research infrastructures.
It would probably have been extremely difficult for us to achieve ISO 27001 without sharing best practices earlier.
The standards and frameworks tell you what to do; best practices tell you, by examples, how to do it.

Methods of sharing best practices
Articles, books
Presentations
Trainings
Reviews and audits
Guidelines
Site visits
Workshops
Informal communication
N.B. Not everything needs to be formalised; informal f2f meetings are also very valuable.

Suggestions for joint ISMS activities
Joint skills transfer program on operational security
A training kit for Site Security Officers
A non-profit lightweight skills certification for Site Security Officers
A voluntary practice sharing program for site visits for ISMS sharing
Peer reviews/audits of ISMS
Articles on current ISMS practices
Develop a multilateral NDA covering all of the above
An effort to apply resources and funding for all of the above
I personally volunteer to contribute if feasible.

Thank you! All comments are welcome to: urpo.kaila@csc.fi
EUDAT related security incidents -> csirt@eudat.eu
Other EUDAT security related -> security@eudat.eu
www.eudat.eu