Insights

Management & Leadership



November 14, 2017 | Recruiting, Hiring and Retention
By David Kolb, IANS Faculty

 Handling Chaos: Thriving When Policy and Business Priorities Clash

Information security professionals must be able to thrive in a turbulent environment where corporate policy, goals and priorities don’t always align across departments. In this webinar, IANS Faculty David Kolb discusses how to put multiple conflicting forces in perspective and better manage diverse demands by putting big ideas such as emotional intelligence, political intelligence and organizational intelligence into practice.



October 31, 2017 | Security Policies and Strategy

 Comprehensive Security Policy Generator

One of the best ways to construct a set of comprehensive information security policies is to start with the control categories laid out in ISO 27001 Annex A (also known as ISO 27002), and then describe what infosec policies apply to each of the controls. This document does just that, giving organizations the power to measure their current policies against this framework or develop new ones that align with the full scope of the ISO 27002 controls. 



October 17, 2017 | Recruiting, Hiring and Retention

 Information Security Job Description Templates

With the information security workforce shortage projected to reach 2-3 million over the next few years, organizations are putting a greater emphasis on their recruiting process to better fill out their security teams. Use these sample infosec job descriptions to set the foundation for role expectations and attract the most highly qualified professionals to your organization. 



October 16, 2017 | Security Policies and Strategy

 CISO Impact Security Process Maturity Matrix

For security organizations, understanding where you stand from a maturity perspective can offer valuable insight into which processes and procedures need to be improved. These charts depict specific processes and procedures within information security mapped to the various stages of maturity within IANS' CISO Impact framework. 



October 16, 2017 | Enterprise and IT Compliance Management

 Critical Security Controls (CSC) Assessment Tool

One way to assess organizational maturity around information security is to use the CIS Critical Security Controls (CSC). Use this tool to perform an initial assessment of your maturity level and track your progress on the percentage of the CSC your organization is currently following.



October 16, 2017 | Enterprise and IT Compliance Management

 Critical Security Controls (CSC) 20 Master Mapping Tool

Understanding and managing different security frameworks can be a daunting task. This tool offers a detailed matrix for mapping the CSC 20 to a number of different frameworks, including the NIST CSF, ISO 27002, NSA MNT and many more. 



September 27, 2017 | Security Policies and Strategy
By David Kolb, IANS Faculty

 Getting the Board on Board

Information security is no longer a cursory topic embedded in a quarterly discussion of organizational risk; it’s now an uncomfortably frequent topic on many board agendas. In this report, IANS Faculty David Kolb offers tips to ensure that when summoned to the board, you are prepared and succinct, and use the opportunity to build trust, deepen organizational understanding and get the support you need to provide excellent information security. 
