Articles

Welcome to our articles page. You will find articles on various aspects of Information Security and Business Continuity promulgated here. This is done on an ongoing basis for free of cost for your education. We emphasize your cooperation to refrain from redistributing our content for commercial purposes without our prior written consent. However, you are free to use it for your personal (educational and research) purposes or to implement a certain roadmap or strategy in your organization.

 

We partner with CyAlpha — a Calgary-based Cyber consulting firm, to offer you the above services.


InfoSec Strategy, Core Series Rhonald John Rose InfoSec Strategy, Core Series Rhonald John Rose

Developing Information Security Strategy: Concluding IDENTIFY phase

Continuing where we left in the previous article, in this article, we discuss the last four activities involved in the IDENTIFY phase, that is organizational boundaries, security frameworks, how to assess the current state of the previous security programs, and finally, how to assess the maturity of the security systems that are already in place.

Read More
InfoSec Strategy, Core Series Rhonald John Rose InfoSec Strategy, Core Series Rhonald John Rose

Developing Information Security Strategy: Planning for stakeholder requirements

In this article, you will learn about profile canvas templates and how to integrate them into a workshop setting. Developing hypothetical stakeholder profiles before the workshop can help you figure out the direction the interviews should take. Customer profile canvas lets you learn more about the expectations of the business from the Cybersecurity strategy.

Read More
Core Series, InfoSec Strategy Rhonald John Rose Core Series, InfoSec Strategy Rhonald John Rose

Developing Information Security Strategy: Introduction

This is the first of a new multipart educational series: Developing Information Security Strategy.

Organizations sometimes build walled gardens to secure information — a heavily armed ecosystem that does not interact freely with the outside world to support ideas that can push the company forward.

We have used Design Thinking process to radically rethink the way we design and implement InfoSec Strategy in the organizations.

This is not yet another framework such as COBIT to implement your InfoSec strategy. Instead, this is a method to design your InfoSec strategy that benefits your organization and receive support from your peers.

In this series, we will explore a range of topics that are necessary to create an optimal strategy, including:

  • How to incorporate security operations into your strategy

  • Information classification

  • How to integrate SIEM, SOAR and SDAR

  • When to outsource some or all of of your InfoSec strategy

Read More