Security zone: opinions and insights from experienced professionals

managerial controls. Issues of management, accountability and operational strategy are evolving quickly.

To help IT departments navigate some of the challenges, Computer Weekly invited (ISC)2 certified members to share their experience and opinions of current issues. Experienced professionals specialising in the management and or practice of information security, this group has tackled a number of interesting topics. These range from evaluating the business case for standards, assessing metrics, and setting priorities for PCI compliance, to more technical concerns such as securing the database, testing malware products and patching Macs.

IT has a significant consultative as well as administrative role to play in the management of information security. These articles have been developed to help you think through the challenges and influence decision makers. Appearing regularly in Computer Weekly, they are now archived here for your reference.

• Business and IT security
• Eavesdropping, hacking and malware
• Outsourcing and IT security
• Regulation, legislation and compliance
• Security strategies
• Web 2.0 and social networking
• (ISC)2 links
• Other links

 

Business and IT security

• UK reliant on US for innovation by Rob Newby (November 2007)
• Virtualisation is not a theoretical risk Lee Newcombe (December 2007)
• Defences must return business value by David Gregg (December 2007)
• Meet the business continuity manager's new best friend by Brian Davey (March 2008)
• Database administration security strategy by Lee Newcombe (April 2008)
• Metrics programmes need right design to justify security investment by Lee Newcombe (September 2008)
• Information security economics for the individual by Ionut Ionescu (February 2008)
• Penetration testing - define your objectives by Lee Newcombe (May 2009)
• Catalogue security systems to improve their management by Peter Drabwell (June 2009)
• Understanding why staff break the rules by Andrew Kays (June 2009)
• Push for the use of centralised data by Sean Pollonais (July 2009)
• Enabling confidence in the cloud by Lee Newcombe (August 2009)
• Secure by design? by Andrew Kays (October 2009)
• Why we should be more concerned about password authentication by Jason Hart (January 2010)
• Setting security boundaries for de-mergers by Michael Pike, (May 2010)
• A dedicated security incident response function is essential by David Gregg (June 2010)
• More effort needed to manage third party connections by Chris Samuel (December 2010)
• Extending compliance to the cloud by James Hanlon (March 2011)

 

Eavesdropping, hacking and malware

• The trouble with testing anti-malware by David Harley (January 2008)
• Tackling the network eavesdropping risk by Tom King (March 2008)
• Can you prevent scraping or data harvesting? by Marino Zini (November 2009)
• Faking IT support by David Harley (October 2010)

 

Outsourcing and IT security

• Outsourcing improves security jobs by Peter Berlich (November 2007)
• Outsourced risk must be outlined in commercial agreements by James Nunn-Price (March 2008)
• Ensuring security in offshoring by Michael Pike (March 2010)
• Cloud computing puts the spotlight on security architecture by Lee Newcombe (November 2010)

 

Regulation, legislation and compliance

• The positive side of regulatory compliance by Brian Shorten (January 2008)
• Assessing automation for conquering the compliance hydra by James Hanlon (January 2008)
• PCI: A matter of timing by Rob Newby (May 2008)
• Promoting accountability through ISO/IEC 27001 & 27002 (formerly ISO/IEC 17799) by David Gregg (December 2008)
• How to apply master data management by Sean Pollonais (October 2009)
• IT governance through ISO/IEC 38500 by Chris Power (January 2011)

 

Security strategies

• Actions for the IT team during a PR crisis by Paul Maloney (April 2008)
• Macs and malware: What are the dangers? by David Harley (July 2008)
• Plug your zero-day vulnerability gap by Mike Edlund (July 2008)
• Asking the right questions: how information security needs to gather intelligent information by Julian Castle (September 2008)
• Why 'need to know' is not always best practice by Alex Baxendale (October 2008)
• Be prepared for quantum computing by Andrea Simmons (February 2009)
• Keep IT security separate by Chris Samuel (September 2009)
• Forensics: Don’t hamper the investigation by Matthew Parker (September 2009)
• Checklist for winning IT security funding by Steve Maslin (October 2009)
• An open source approach to web application security by Fabio Cerullo (September 2010)

 

Web 2.0 and social networking

• Managing your organisation's social network footprint by Paul Maloney (April 2008)
• Web 2.0 blows a hole in business by Matt Atkinson (May 2008)

 

(ISC)2 links

• Industry resources
• Career tools

 

Other links

• Computer Weekly Security Think Tank
• Security alerts
• Security software
• Security devices
• NCC's top ten security blunders of 2008
• Security predictions for 2009
• Managing security in outsourcing and off-shoring
• Building an information security strategy
• Building an information security strategy - reprise
• Database administration security strategy
• Sourcefire expands security strategy