InformationSecurity concerns itself with the technical aspects of SecurityManagement. The migration of material (and links) from SecurityManagement is not yet complete. -- dl
This is not the normal definition. InformationSecurity is about the security of information (and as such is really what's discussed on the SecurityManagement page. (inserts reminder to self to do a little gnoming later)
Resources
People to watch in InformationSecurity industry
a
WebServicesSecurity guru, founder of GeoTrust
?? and author of "Securing Web Services with WS-Security" (
ISBN 0672326515 ).
Some of his articles include:
- "Visibility and health of WebServices the missing element" at
- John Pescatore
a
GartnerInc VP with expertise in matters related to
SecurityManagement.
Some of his views include:
- "Enterprises need to include security costs in Platform decisions"
Industry trends and developments
- Comparative study of IT security criteria 2001
- Paid Hackers
- Phishing (see section in SocialEngineering) becoming big time at end 2004
GoogleHacking becoming important battleground in early 05
Standards related to Information security
- Comparative study of IT security criteria 2001
- NIST Computer Security Resource Center.
Evolving interface between Information security and IT Audit -- Source:
DonTurnblade
- Undesputed Roles
- Information Security
- Identity Management
- Incident Response
- Technology hardening standards
- IT Audit
- Escallation can skip directly to top brass.
- IT Governance standards
- Examples of VP level relationship between IT Audit and Information Security
- Information Security is a unit inside IT Audit
- Informaiton Security is a peer unit beside IT Audit
- Many leading mortgage lender companies
- Information Security is the parent unit of IT Audit
See also InfoSec, WebApplicationSecurity, NetworkSecurity
CategorySecurity CategoryEnterpriseComputingConcerns
Information Security