DIY Webinar #4 – How To Build an Awareness & Training Program

The Information Security Leadership Forum is pleased to announce the fourth in our DIY Webinar Series, “How To Build an Awareness & Training Program.”

In this fourth session in our DIY webinar series, we’ll be engaging attendees in a high-level discussion on how to construct an employee information security awareness and training program, based on the ACADEMICS methodology. It doesn’t matter whether you’re developing your awareness and training program for the topic of security, privacy, business continuity, etc.; the methodology works for all shapes and sizes. The real value of an information security employee awareness and training program is that it distributes the basic knowledge employees across the organization require to know how, and why, to protect sensitive organizational information assets.

After the Webinar

This webinar will be the launching point to establish an industry working group on this topic. Whether you’re new to the topic or a seasoned expert, participating in this event and the work group that follows will be a great stepping stone for your career and the community at large.

DIY Webinar #3 – How To Build an Interim Business Continuity Plan

The Information Security Leadership Forum is pleased to announce the third in our DIY Webinar Series, “How To Build an Interim Business Continuity Plan.”

After this webinar you will know, based on the case study you will be introduced to, how our speaker has helped one client overcome this issue, which plagues many medium and large sized organizations that have not yet made the full investment to build their business continuity program. Don’t be the reason your organization folded after the next disaster; register and participate in this captivating webinar.

After the Webinar

This webinar will be part of a litmus test to understand the interest of this community to move beyond the basics and establish a formal working group and initiatives on the topic of Business Continuity within the Information Security Leadership Forum.

DIY Webinar #2 – How To Measure Your Information Security Program for Tangible Business Value

The Information Security Leadership Forum is pleased to announce the second in our DIY Webinar Series, “How To Measure Your Information Security Program for Tangible Business Value.”

One of the biggest challenges for information security leaders and the programs they manage is to find ways to identify and articulate tangible value for the investment an organization makes in its information security program. Learning to establish and maintain a performance measurement program with defined objectives, focus areas, and performance indicators is fundamental to achieving this critical understanding and communicating the value proposition to the business.

During this webinar attendees will learn how to:

  1. identify business objectives & define security program objectives
  2. identify performance measurements
  3. analyze performance indicators to assess effectiveness
  4. have a meaningful conversation with business leaders on the security program’s performance

After the Webinar

This webinar will be the launching point to establish an industry working group on the topic of information security metrics. Whether you’re new to the topic or a seasoned expert, participating in this event and the work group that follows will be a great stepping stone for your career and the community at large.

DIY Webinar #1 – Building a Business Focused Information Security Program, and Achieve Compliance as a Byproduct

The Information Security Leadership Forum is pleased to announce the first in our DIY Webinar Series, “Building a Business Focused Information Security Program, and Achieve Compliance as a Byproduct.”

One of the biggest challenges for many organizations is that their information security program was historically built in a tactical fashion, threat vector by threat vector, countermeasure by countermeasure, without focused consideration of or alignment with the business strategy. After all, Information Security leaders have traditionally come from IT. To be fair and honest, in IT we know IT well, but how well do we even know or understand where our company is going and how it will get there? This is exacerbated by the fact that our Information Security Departments have historically been undermanned and overworked. It’s not like we would not have wanted to do this if we had time, but who had the time? Weren’t we all fighting fires and trying to keep up with the hackers? When asked, most security leaders today will tell you that their budget submission and project pipeline have been predicated on audit and security assessment findings.

During this webinar attendees will learn how to right-size their security program, aligning it with the business strategy and associated objectives, to demonstrate tangible evidence of value to the organization. In this one-hour presentation you will gain an understanding of how, using ISO 27001 as a framework, you can:

  • Define program objectives based on your organization’s business strategy;
  • Build an information security program around the business strategy;
  • Establish metrics and monitor performance; and
  • Achieve compliance as a byproduct.

After the Webinar

This webinar will be the launching point to establish an industry working group on the topic of enterprise information security strategy. Whether you’re new to the topic or a seasoned expert, participating in this event and the work group that follows will be a great stepping stone for your career and the community at large.

Do Your Company Execs Get it?

Presumably you’ve heard of IQ (Intelligence Quotient) and EQ (Emotional Intelligence), so let’s start a conversation about SQ (Security Intelligence). Not threat intelligence or anything like that, but rather one’s knowledge and understanding level of information security, the risks it is designed to combat, and the impact when failing to follow through.

Many information security professionals would score in a comfortable zone of SQ, but what about the business leaders in their organizations who make the ultimate decisions regarding supporting and sponsoring internal security strategies and the budgets to realize these strategies? When their SQ is low, this could inadvertently result in poor investment decisions with devastating impact.

This subject is offered as an opener for a dialogue on the topic. In your opinion, is this a real issue? Does something need to be done to support security leaders in the trenches?

Having been a security leader in the field, and supporting other CISOs for many years now, I for one think we as a collective community inside the ISLF could do great things by collaborating and putting together an executive educational tool kit for CISOs.

What are your thoughts?