Knowledge Corner - Information Protection :: SEC: Strategic Security Advisory Services for CSOs

Security Barometer

Is your security organization hiring?

Top Downloads

What Does the Board and Senior Management Need to Know About Corporate Security?

Workplace Security Playbook: The New Manager’s Guide to Security Risk

Case Study: Risk Management and Security Metrics at Boeing

Site Risk/Threat Assessment Ranking Template

Are You Thinking Strategically?

Take a sneak peek at our new Knowledge Corner resource pages. We’re working on making SEC resources easier for you to find what you need including resources related to security strategic planning, influencing senior management, risk assessment, leadership strategies and security metrics.

Contact us if you want to know the ways we assist security practitioners.

Tools
	Information Protection Program: RACI Matrix Created By: Security Executive Council For each regulation/guideline relevant to your organization, assign the roles and responsibilities.	Resource is for Tier One Leaders only

	Information Protection Program: Risk Assessment and Compliance Checklist Created By: Security Executive Council This tool and audit benchmark is designed to assess information security management practices using a framework of 102 security objectives. It is a compilation of common practices from standards (ISO 17799) and audit documentation from exemplary companies.	Resource is for Tier One Leaders only

	Information Protection Program: Security Awareness & Training Menu and Facility Management Self-Assessment Created By: Security Executive Council A matrix that provides awareness and training options and an example of a self-assessment for managers.	Resource is for Tier One Leaders only

Research & Benchmarks
	Not Following Established Policy Tops List of Most Significant Threats to Information Protection Created By: Security Executive Council An advance release of a summary of research conducted by Kennesaw State University CISE in partnership with the SEC reports that the most significant threat from internal sources was the inability/unwillingness to follow established policy. This was followed by disclosure due to insufficient training.

	Security Barometer Results - Personal Electronic Devices in the Workplace Created By: Security Executive Council This SEC poll found the number of respondents reporting using personal electronic devices in the workplace has increased to 80%.

	Security Barometer Results: Do Cyber and Corporate Security Work Together in Your Organization? Created By: Security Executive Council Results of a Security Barometer poll that investigated the extent of integration and cooperation between these two groups.

	Security Executive Council Trend Report: Benefits and Risks of Web 2.0 in the Enterprise Created By: Security Executive Council Enterprises are adopting Web 2.0 applications in increasing numbers to improve communication and workflow within their businesses and to improve relationships with clients. Businesses employing such applications must be prepared to face the risks that accompany it.	Resource is for Tier One Leaders only

	The State of Security Convergence Created By: Kathleen Kotwica, PhD, EVP and Chief Knowledge Strategist, SEC; Principal Analyst, Security Leadership Research Institute, and Herb Mattord, PhD, CISM, CISSP, Kennesaw State University - Department of Information Systems The convergence of corporate and cyber security is often said to enhance resilience by broadening the view of risk, providing more rapid detection of threats and response to emerging events, and improving intelligence sharing.

	Threats to Information Protection An early release summary of "Threats to Information Protection 2015" provides a glimpse into the results of extensive research performed by Kennesaw State University's Center for Information Security Education (CISE) in partnership with the SEC. The summary material briefly covers the top ranked general, internal, and external threats to information protection. The research also investigated trends in staffing, changes in attack patterns and high risk technologies.

	Trend Research: Bring Your Own Device (BYOD) To Work Created By: Security Executive Council This resource was developed based on a Tier 1 Leader and their IT colleague looking at productivity around the topic of BYOD to work (e.g., if I had my own phone or computer (e.g., Apple brand device) I could increase my productivity.) The research was then expanded to include further information on what peer corporations are doing in this area (e.g., pros, cons, must haves, challenges, risks and liabilities). TIER 1 LEADERS: Log-in to obtain your copy. OTHER VISITORS: Click the title to order this SEC resource.	Resource is for Tier One Leaders only

Presentation Materials
	Information Protection Program: BoD Presentation Created By: Security Executive Council A briefing in PowerPoint of an information protection framework to the Board of Directors.	Resource is for Tier One Leaders only

Books/Guidelines/Manuals
	Information Protection Playbook, 1st Edition Created By: Security Executive Council The primary goal of the Information Protection Playbook is to serve as a comprehensive resource for information protection (IP) professionals who must provide adequate information security at a reasonable cost. Using the guidelines provided in the Information Protection Playbook, security and information technology (IT) managers will learn how to implement the five functions of an IP framework: governance, program planning, risk management, incident response management, and program administration. TIER 1 LEADERS: Log-in to obtain your copy. OTHER VISITORS: Click the title to order this SEC resource.	Resource is for Tier One Leaders only

	IT Security Response to Misconduct Allegations Created By: John Thompson, Security Executive Council Emeritus Faculty This guide was written for the security executive to distribute to the person who has never been in the investigative field but is most likely to directly receive reports of misconduct allegations. It is for the business professional who has never been to an introductory investigations course. The series is also useful to the security executive or law department attorney who tasked with training professionals on what to do when they receive an allegation of wrongdoing. This book guides the non-security business professional through the investigative process up to the appropriate time to involve trained investigators. A Tier 1 Leader item available for purchase. Visit our store.	Resource is for Tier One Leaders only

Articles
	Budget, Staffing, Accountability: How Can a Service Technology Roadmap Help? Created By: Security Executive Council In the first part of this series, we talked about what a security service and technology roadmap is, what its benefits are, and how to start developing one. Now we focus on some specific situations in which a technology roadmap can help an organization.

	The Mission is Not Cybersecurity-It's Enterprise Security Created By: George Campbell, SEC Faculty Security's current business model can deliver on the routine service demands, but our role in meeting these increasingly consequential risks will require a much more inclusive and mature presence.

Forums
	Faculty Advisor: A Holistic Information Protection Program Created By: Greg Kane, Security Executive Council Staff My organization is about to revamp our information protection program. Can you provide any guidance as to how to make sure it’s holistic and will be embraced by all? Read Security Executive Staff member, Greg Kane's, answer to this question.

	Faculty Advisor: Web 2.0 and Business Risks Created By: David A. Meunier, Security Executive Council Content Expert Faculty What is your perception of the risks of Web 2.0 and what businesses should consider before deploying Web 2.0 applications? Read SEC Faculty member David Meunier’s answer to this question.