Writing Security Policies That People Can Actually Read
SecureITExperts
Writing information security policies that people will actually read.
1.
Writing Security Policies That People Can Actually Read!!!
With Your Host: Brad Bemis (CISSP, CISA, and Known Troublemaker)
© 2011 Network Computing Architects, all rights reserved
2.
Shameless Self-Promotion
• Brad Bemis, CISSP, CISA, ABCDEGFHIJKLMNOP…
  – Senior Security Consultant with NCA in Bellevue WA
  – 20+ years in the information security industry
  – AAS in Personnel Management (i.e. HR)
  – BS in Information Technology
  – MS in Education (Underway)
  – + Business & Psychology
  – Highly opinionated
  – But mostly right ;-)
3.
The Standard Disclaimers
• I am not a lawyer, nor do I play one on TV
• Policy development is a subjective topic
• There are several different approaches
• Lots of policy presentations out there
• This one will be a little different
• Non-traditional approach
• Everything is changing
• Gotta keep up!!!
4.
Here’s The Challenge
Turning This: Into This:
5.
Where we’re at Today
• How many of your employees:
  – Know where your policies are?
  – Have spent time reading them?
  – Know what they say?
  – Understand what they mean?
  – Make an effort to comply with them?
  – Help make sure that others comply with them?
• The numbers usually start low with the first question
• They tend to get lower as you move down the list!
6.
Conventional Wisdom
• For a security policy to be successful:
  – Must have management support
  – Must have an assigned owner
  – Must establish clear roles and responsibilities
  – Must be relevant to the organization
  – Must be focused, realistic, and enforceable
  – Must adequately address security needs
  – Must align with risk management principles
  – …and so on.
Sure, but what else?
7.
Traditional Approach
Policies
Standards/Guidelines
Processes/Procedures
8.
Why It’s Not Working
• First of all – users don’t care what we call things!
  – They just want to get stuff done – their stuff!!
• We tend to write for the wrong audience
  – Auditors, legal types, technical people
• There’s usually way too much material
  – 30 different documents, 300 pages of ‘stuff’
• They’re not really put together very well
  – Intro, applicability, scope, purpose, etc.
  – More words used to describe than to state them!
9.
A Couple of Other Key Issues
• We often use the wrong kind of language
  – Formal vs. informal – directive vs. conversational
  – Punitive vs. positive – stick vs. carrot
• We don’t make them very easy to find
  – Most policies are buried on some obscure site
  – They’re usually just collections of ‘stuff’
• We try to bridge an enormous gap ineffectively
  – Thinking that ‘awareness’ is the answer
  – Great campaign points to bad policy
10.
Let’s Talk Basics
• What a security policy is:
  – A statement of intent or commitment
  – A principle or rule to guide decision making
  – A description of organizational expectations
• What a security policy is not:
  – A legally binding contract
  – A document written for auditors
  – A vehicle for placing blame elsewhere
11.
A Compliance View
• What PCI says about policies:
  – Have one! Make sure it covers PCI topics! Maintain it!
  – You can read requirement 12 if you want the details
• What HIPAA says about policies:
  – Implement policies to avoid/manage security violations!
  – Check out section 164.308 for additional information
• What SOX says about policies:
  – Or rather, what’s your auditor’s interpretation of SOX?
  – Policies are pretty much a given no matter who you talk to
12.
Here Comes the ‘But’
• Not a single one of these requirements says:
  – Policies need to be a long, drawn-out affair
  – Policies need to be written like legal documents
  – Policies should be filled with contractual language
  – Policies have to address every possible eventuality
  – Policies exist for the sole purpose of making auditors happy
• Why then do we see so many policies written this way?
• What can we do differently as an industry to change this?
• How do we write security policies people can actually read?
13.
There IS a Way…
• Understand the purpose and context
• Define and analyze your audience
• Frame up your overall message
• Use conversational language
• Leverage visuals if you can
• Educate and entertain
• Simplify everything
• Make it a tool!!!
14.
Purpose and Context
• What is it that you are trying to accomplish?
• Is a policy the right tool for the job?
• How will a policy help the situation?
• How will you share/communicate it?
• Who will own, maintain, and enforce it?
• What about exceptions and violations?
• What’s the organizational culture like?
• What can you get away with?
15.
Audience Analysis
• Who is your intended audience?
• Any similarities between audience members?
• Any differences between audience members?
• What do the audience members do?
• What’s important to this audience?
• How busy is this audience?
• What is expected of them?
• What else?
16.
Message Framing
• Think about the purpose and context…
• Think about the audience members…
• What’s the behavior you want to influence?
• How would you describe the desired behavior?
• How will you measure a shift in that behavior?
• What’s the basic message you need to convey?
• What’s the long form of that message – details?
• How can you boil it down to 3 to 5 sentences?
17.
Using The Right Language
• Still keeping all of the former steps in mind…
• How would you convey your message to:
  – Your child, your grandparents, your clueless uncle Bob
• How would you TALK to someone about it?
• Rewrite your message to be conversational
• Write for the ‘lowest common denominator’
• Keep it short, sweet, and to the point!
• Engage the audience with your message!
18.
Leverage Visuals
• Visuals are not typical in most policy documents
• These are usually reserved for ‘awareness’ efforts
• “A picture paints a thousand words” though
• Do you want to write a thousand words?
• Do you expect people to read a thousand words?
• Good visuals can really help – even in policies!
• Make sure they are relevant and appropriate
• Don’t go overboard…
19.
Educate and Entertain
• Try inserting some levity and irreverence…
• Your audience is more likely to read your policies
• People learn better when they are entertained
• Levity inspires confidence, trust, and creativity
• Companies that use levity outperform others
• It really all depends on your corporate culture
• You don’t need to be a comedian – just fun
• Like visuals, keep it relevant and appropriate
20.
Simplify Everything
• Only write policies that need to be written
• Get rid of all the ‘fluff’ – it’s unnecessary!
• Create a [fun] security handbook to use
• Put a memorable title on your handbook
• Organize it by what people need to DO!
• Remember, employees are busy people
• Security is NOT their top priority – accept it!
• Blur the lines between policies and awareness
21.
Give Them a Tool
• The policy document isn’t your end-point
• Your handbook is just one way to move forward
• Add quick references, cheat sheets, check lists
• Anything that can make security easier for folks
• The BEST tool is a well done website – easily found
• Simple screen ‘What Are You Trying to Do?’
• Take a ‘nested’ approach to ‘navigation’
• Get feedback and make improvements!!!
22.
An Example for Dummies
• Look at the success of the ‘for Dummies’ series
• Their books embody everything here (and more)
  – “From the start, For Dummies was a simple, yet powerful concept: Relate to the anxiety and frustration that people feel about technology by poking fun at it with books that are insightful and educational and make difficult material interesting and easy. Add a strong dose of personality, a dash of comic relief with entertaining cartoons, and — voilà — you have a For Dummies book.”
• An invaluable approach to security policies
23.
The Parts of Tens
• The last section of any ‘for Dummies’ book
• Essentially a ‘top 10 list’ on a particular topic
• Each item has an entertaining title
• Includes a brief, amusing summary
• Often closes out with a ‘tip’
• Probably the single best model to follow
• Imagine if security policies were written this way
• Hmmm… People might actually read them!!!
24.
“I Object”
• What are some common objections?
  – Security is serious business
  – You can’t write funny policies
  – You can’t hold people accountable using these
  – You can’t meet compliance requirements using these
  – Auditors/legal departments/executives may not like them
• Getting past these objections
  – First, who are you really writing these policies for?
  – You want people to read and understand them, right?
25.
The End Justifies the Means
• In the end, policies are about setting expectations
• They’re put in place to help (not hinder) people
• We can do more – we can do better!!!
• Remember:
  – A GOOD policy is one that people READ!
  – A GOOD policy is one that people UNDERSTAND!
  – A GOOD policy is one that people FOLLOW!
26.
Questions???
27.
About the Author:
Brad Bemis is the Principal Security Consultant for Network Computing Architects (NCA) in Bellevue WA, and has over 20 years of practical experience in IT and information security. He is also a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Associate Business Continuity Planner (ABCP), and Lean Six Sigma Greenbelt, with several additional technology-centric certifications from Cisco, Microsoft, and CompTIA.
Brad holds associate degrees in both Personnel Management and Information Systems Technology and a Bachelor of Science in Information Technology, and is currently pursuing a Master of Science in Education. He has also engaged in graduate-level coursework towards a Master of Business Administration and a Master of Science in Clinical Psychology.
Brad has worked with multiple Fortune 500 companies, military organizations, and government agencies around the world, in roles ranging from Systems Security Administrator to Chief Information Security Officer (and everything in between). Although highly skilled across multiple security disciplines, his main passion is information security awareness and training – evangelizing the message and engaging others. He is also very active in the security community, including: contributions to the Cloud Security Alliance (CSA), board positions with the Greater Seattle Area Chapter of the Cloud Security Alliance and the Pacific Northwest Chapter of the Information Systems Security Association (ISSA), participation in several other professional associations, sharing insights and experience across a number of online security forums, and much, much more.
Additional information can be found on Brad's professional blog at www.secureitexpert.com.
28.
About NCA’s Information Security Practice:
NCA’s Information Security Practice is an ISO 27001 Certified Professional Security Services Consultancy with offices in Bellevue WA, Portland OR, and Los Gatos CA. We offer a wide range of professional security services that can be scaled and customized to meet the business needs of any organization. Our major core competencies include:
• Program Management: Building and managing a holistic information security program.
• Governance: Incorporating security into enterprise or IT governance frameworks.
• Risk Management: Measuring and managing information security and other related risks.
• Compliance: Ensuring that all internal and external requirements are being met.
• Identity & Access Management: Managing identities and permissions for systems and users.
• Perimeter Defense & Firewall Management: Defending the borders between networks.
• Traditional & Mobile End-Point Protection: Securing fixed and mobile end-point devices.
• Virtualization & Cloud Computing: Migrating customers to the cloud safely and securely.
• Event Management & Incident Response: Detecting and responding to security incidents.
• Awareness & Training: Engaging people in the process of security on a daily basis.
Through a number of strategic partnerships we can also deliver additional services in the areas of:
• Managed Services: Managing the day-to-day operational security of information systems.
• Application Security & Penetration Testing: Validating controls for business applications.
• Business Continuity & Disaster Recovery: Sustaining the business during emergencies.
Learn more today at http://ncanet.com
Or call 877-KNOW NCA (877-566-9622)