
Tuesday, January 18, 2011

Improvement and Education in the Security Community

Those of you who know me will know how keen I am on helping the continued professionalisation of information security, and in providing training, guidance and steer back to the community. I get a lot of queries from individuals in IT or Information Security roles asking for more ways to get information, improve their skillset or even just to learn from others.

Many of you may be familiar with the Stack Exchange family of websites - a question and answer site using reputation weightings to help individuals find answers that they can trust.

We have been working with a new one - Security Stack Exchange - near the end of its public beta - that aims to provide security professionals with a forum to ask or answer questions around security, risk, governance etc.

Some examples to show the range of questions already on the site:

Securing the security guy's home office: what should we do?

Although Incident Response is often handled well in larger organisations, it is very relevant for smaller companies:

Establishing routines on what to do if a PC gets stolen?

Security around database password hashing:

If I hash passwords before storing them in my database, is that sufficient to prevent them being retrieved by anyone?

If you deal with information or IT security, governance or risk your input could be very valuable, or if you have questions in these areas someone on the forum could help you out. Either way, have a look and see what you think.

Wednesday, November 17, 2010

Security in Scotland

A topic very dear to me is the development of the Information Security profession, but specifically in Scotland, and I thought it would be worthwhile posting some information on initiatives in Scotland that help with this aim, as well as discussing areas where stronger involvement from the wider industry would be welcomed. We have selected a few of the key organisations and events, but if you feel another is key, please let us know and we'll update this post.

The Institute of Information Security Professionals, of which Rory Alsop is the Scottish chair, is providing support and guidance to universities and companies across the UK through the Graduate Development Scheme, Academic Partnerships, the Accredited Training Scheme and the IISP Skills Framework. The IISP's mission is to be the authoritative body for information security professionals, with the principal objective to advance the professionalism of the industry as a whole. Whilst the existing IISP membership in Scotland is strong I would encourage individuals and companies to visit the website or speak to representatives to understand what they can get out of membership (at all levels from student through to full membership) and more importantly for the industry what they can offer in return from their own experience or skills. The IISP always welcomes speakers who have a story to tell in the information security space, so please get in touch if you would like to present at one of our quarterly events.

Similarly, ISACA aims to define the roles of information systems governance, security, audit and assurance professionals. Through close links with local industry, ISACA Scotland provides guidance, benchmarks and effective tools for organisations in Scotland. The majority of members in Scotland have the CISA certification so here there is a very strong focus on audit and control, but we are seeing increasing numbers in security management, governance of enterprise IT and risk and information systems control. Like the IISP, ISACA Scotland would welcome guest presenters or new members - the global knowledge base and information flow are extensive and the opportunities for networking are invaluable.

The Scottish Universities, under the guidance of Professor Buchanan, have created the framework for a Centre of Excellence in Security and Cybercrime in Scotland - with strong links already forming between academia, law enforcement, industry and professional bodies such as the IISP. One goal is to provide academia with a greater awareness of real world security issues and activities through a number of avenues including volunteer work, summer placements, guest lecturers etc. From the perspective of your organisation, if you find that when hiring software developers, for example, you need to give them additional training in secure development or spend resource remediating vulnerable code, the argument for providing a small amount of resource to help develop coursework in these subjects, or to provide the odd guest lecture, is a very strong one. As an industry we can make great improvements by simply providing the new entrants with the benefits of at least some of our years learning the hard way.

The e-Crime Scotland website was officially launched at the Scottish Financial Crime Group Conference on the 28th of October. Currently this has been set up with support from, and using the framework developed by, the Welsh Assembly, demonstrating an excellent level of sharing of expertise and resource. This website provides a portal of information on e-crime and a reporting mechanism, and is planned to develop as Scotland takes greater ownership of content.

The Scottish Financial Crime Group, under the ownership of the Scottish Business Crime Centre, has been working with law enforcement and clearing banks for the last 35 years, but more recently through the annual conferences and an active presence in many forums has been in a good position to draw on expertise from a wide range of specialist individuals and organisations to develop opportunities to disrupt the criminal element in our society. Membership of the SFCG or at the very least, attendance at the annual conference is invaluable both from a learning perspective and an opportunity to influence discussion relating to financial crime.

The National Information Security Conference is held in St. Andrews each summer and provides speakers renowned within their field, education and an excellent networking opportunity to meet like-minded individuals from industry and security experts. This three-day residential event attracts many security professionals who are trying to drive the industry forwards and should not be missed!

On the more technical front, the Scottish OWASP chapter, headed up by Rory McCune, is a growing group of individuals from across various industries focused on improving web application security. Join the mailing list to find out about meetings, initiatives etc. The scope of interest includes everything from SCADA to online banking and from smart meters to social networking.