InformationSecurity concerns itself with the technical aspects of SecurityManagement. The migration of material (and links) from SecurityManagement is not yet complete. -- dl

''This is not the normal definition. InformationSecurity is about the security of information (and as such is really what's discussed on the SecurityManagement page). (inserts reminder to self to do a little gnoming later)''

----

'''Resources'''

'''People to watch in InformationSecurity industry'''

* BruceSchneier
* Jothy Rosenberg, a WebServicesSecurity guru, founder of GeoTrust and author of "Securing Web Services with WS-Security" (ISBN 0672326515). Some of his articles include:
** "Visibility and health of WebServices the missing element" at http://www.line56.com/print/default.asp?ArticleID=4987
* John Pescatore, a GartnerInc VP with expertise in matters related to SecurityManagement. Some of his views include:
** "Enterprises need to include security costs in Platform decisions" http://www.internetnews.com/ent-news/article.php/3351501

''Industry trends and developments''

* ''Comparative study of IT security criteria 2001''
** http://www.initiatived21.de/druck/news/publikationen2002/doc/22_1053502416.pdf
* ''Paid Hackers''
** http://www.nwanews.com/story.php?paper=adg&section=Business&storyid=101108
* ''Phishing (see section in SocialEngineering) becoming big time at end 2004''
** http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=7372770
* ''GoogleH''''''acking becoming important battleground in early 05''
** http://www.computerworld.com/printthis/2005/0,4814,100051,00.html

''Standards related to Information security''

* ''Comparative study of IT security criteria 2001''
** http://www.initiatived21.de/druck/news/publikationen2002/doc/22_1053502416.pdf
* ''NIST Computer Security Resource Center''
** http://csrc.nist.gov/

''Evolving interface between Information security and IT Audit'' -- Source: DonTurnblade

* ''Undisputed Roles''
** ''Information Security''
*** ''Identity Management''
*** ''Incident Response''
*** ''Technology hardening standards''
** ''IT Audit''
*** ''Escalation can skip directly to top brass.''
*** ''IT Governance standards''
* ''Examples of VP level relationship between IT Audit and Information Security''
** ''Information Security is a unit inside IT Audit''
*** ''Ernst & Young''
** ''Information Security is a peer unit beside IT Audit''
*** ''Many leading mortgage lender companies''
** ''Information Security is the parent unit of IT Audit''
*** ''Verisign''

----

See also InfoSec, WebApplicationSecurity, NetworkSecurity

----

CategorySecurity CategoryEnterpriseComputingConcerns