Training And Awareness Blog

ISM-Community Releases Top Ten for IT Security Management

Press Release for the ISM Top Ten List:

Worldwide community of information security managers cuts through the FUD to offer the fundamentals

Washington, DC, June 28th, 2007 — The Non-Profit Information Security Management Community (http://www.ism-community.org/) today announced its ISM-Community Top Ten list, an awareness document that describes a series of key issues that affect today’s information security managers.

Taking a refreshing break from the typical fear, uncertainty, and doubt that information security managers are deluged with on a daily basis, the ISM-Community presents a simple, easily-understood, pragmatic approach towards managing information security.

"The ISM Community Top 10 will provide security management and professionals with guiding principles to build a solid program within any organization. It also serves as a great reminder to managers of existing programs to focus on the fundamentals." --Ed Bellis, CISO Orbitz Worldwide, ISM-Community Top Ten Contributor

The Top Ten list describes key concepts that should be part of any effective information security program. Organizations can quickly compare their current information security program against the Top Ten list and determine whether they need to improve.

"The ISM-Community Top Ten offers invaluable insight into how to get security management embedded into your organization – advice from some of the top InfoSec people in the industry." --Tim Smith, Director Bridge Point Communication, Top Ten Main Author

The Top Ten list is released under a Creative Commons license and can be downloaded for free from the ISM-Community website at http://www.ism-community.org/files/ .

"The Chief Security Officers and Chief Information Security Officers that I’ve talked to about the ISM Top Ten have told me, ‘Finally, some home truths and straight-talking advice from real world security people and not thinly disguised marketing or spin from people wanting you to buy products.’" --Mark Curphey, ISM-Community Founder

The ISM-Community is developing other projects along the lines of the Top Ten, to be released throughout the upcoming months and touching on 5 key focus areas: identity and privacy, risk management, policies and standards, training and awareness, and information security management commons.

"If the Top Ten is an indicator, the ISM-Community shows real promise to become the thought leaders in information security management. The Top Ten is an excellent starting point, and future projects will only build upon the foundation that the Top Ten provides." --Michael Smith, ISM-Community Leader

For additional information or inquiries contact: Michael Smith at 703.855.0890 (Not for Publication), info.ismcommunity@gmail.com or http://www.ism-community.org/ .

 

About ISM-Community:

The ISM-Community, founded in 2006 by a group of information security managers, is a “Community of Practice” where people can collaborate on information security both online and in person, creating and sharing things that improve everyone’s collective working life and that everyone can use for free, without conditions. We don’t want the baggage of formal organizations, politics or hidden agendas but do want a sensible amount of organization and structure. More information can be found on our website at http://www.ism-community.org/aboutus.aspx

 


About rybolov

Russian linguist, Linux administrator, flyfisher, and security geek at-large.

My official press bio:

Michael Smith is the Chief Information Security Officer with the Unisys Federal Service Delivery Center based in Reston, Virginia. His scope of responsibility includes both providing governance and managing risk for several data centers, Security Operations Center, Network Operations Center, Server Management Team, and several disaster recovery sites.

Michael has performed numerous tasks throughout the Certification and Accreditation (C&A) process for clients in the Federal Civilian and Department of Defense environments. He has designed and performed security testing and evaluation engagements against national level systems in both the Federal Civilian and Department of Defense environments.

Michael graduated from the prestigious Defense Language Institute in Monterey, CA with a Department of Defense advanced linguistic certification in Russian and spent several years on active duty in the US Army as a translator and specialist in information security.

Michael assisted with development of a DITSCAP methodology and Standard Operating Procedures for the Department of Defense's Tricare Management Activity (TMA) as well as performed many of the tasks associated with that methodology. Throughout the time Michael spent working with the TMA, he was responsible for development of documentation, performing security testing and evaluation, evaluating and conducting assessments of physical security, and the development and performance of risk assessments for remote sites throughout the continental United States.

While engaged with the Transportation Security Administration, Michael developed C&A documentation for numerous systems and sites throughout the Transportation Security Administration and helped to use C&A as the catalyst to build a security program.

In 2004, Michael was activated as a member of the Virginia National Guard and deployed to Afghanistan, where he conducted numerous combat patrols as an infantry squad leader.
