Security, risk and common sense.
Data security best practices from the trenches.
Register here for one of the upcoming workshops on data security.
Download material from previous episodes of “security, risk and common sense”
October 29, 2009 – Building trust between security management & employees
The workplace is an arena of “forced relationships”. Usually, we do not choose our team members or bosses. It is vitally important to establish a behavior that leads to trust. In this workshop, we will learn, through specific examples, the barriers to trust building and how trust is earned and maintained.
Download the presentation – Presenter: Isaac Botbol – IB Communications Skills
October 22, 2009 – A platform for risk and compliance intelligence
Learn how to break down risk silos. Save money and make wiser decisions.
It’s impossible to make good risk decisions that benefit business strategy when the organization approaches risk and compliance in scattered silos that do not collaborate with each other.
Download the presentation – A powerful platform for risk and compliance intelligence – Presenter: Michel Godet
October 15, 2009 – Business Process and Security management
- Business process and security management – a good presentation by OS Balaji, who talks about tying security into the business at all levels: from employee awareness, to customer service, to partners and secure software development, all the way up to strategy and the security policy the board enunciates to the stakeholders.
- Read OS Balaji’s blog – Resonance – Striking chord with concepts of Business Process, Quality and Commonsense Management
- Connect with him on LinkedIn
- Free threat modeling software PTA Professional
September 3, 2009 – Data security metrics and a value based approach
- The presentation: Data security metrics and a value based approach to information protection
- Free software download for quantitative risk analysis PTA Professional
(Participants in the workshop will receive a free product key for PTA Pro after download)
- A customer solution case study – Data security threat assessment
- A white paper on running information security like you run your own business
September 10, 2009 – Selecting Data security technology
- The presentation: Selecting data security technology – a threat model based approach
- A customer solution case study – How telecom operator 013 Barak chose a DLP solution
- A white paper on preventing intellectual property abuse
- Free software download for threat analysis: PTA Professional
(Participants in the workshop will receive a free product key for PTA Pro after download)
September 17, 2009 – Selling Data security technology
- The presentation: Selling data security technology – a threat model based approach
- An essay on selling security with fear – “Sturm und Drang came to be associated with literature or music aiming to frighten the audience or imbue them with extremes of emotion”.
- An essay from April 2008 on why IT projects fail, written after I read a Gartner study that predicted that by the end of 2008, 90% of all organizations would fail in their first attempt at data governance.
September 24, 2009 – Writing an effective acceptable usage procedure in 2 pages or less
- The presentation: writing an effective security procedure – talks about how too much choice for employees and security staff today is not a good thing.
- A sample AUP – sample acceptable usage policy that can be used as a read and understand agreement between the employer and employee or contractor
October 1, 2009 – Homeland security
- The presentation: home(land security) – “Strengthening the weakest link” – talks about how companies should not ignore what employees take home nor what they bring to work. The presentation takes a close look at threats of cyberstalking overflowing into the workplace and discusses 8 key vulnerabilities of blogging.
- An essay I wrote in October 2007 about whether or not you should allow employees to blog from the office, and a blog posting, “Blogging from work – a threat or a vulnerability?”, from May that year.
October 8, 2009 – Data security for SMB – Fly first class on a budget
- The presentation: data security for SMB – a talk about data security priorities for an SMB (small to medium sized business of 150 – 500 employees), cultural differences between Americans and Europeans, and how to set an approved usage policy and enforce it with good general management and DLP “Light” technology.
- An essay that I wrote on my blog in July 2009 – Data loss for SME – “Is an SMB like the old German expression – Kleine Kinder kleine Sorgen, große Kinder große Sorgen (‘Small children, small problems, big children, big problems’)?”
The problem with firewall/anti-virus/anti-spam is that they are defensive means against known signatures rather than proactive means of mitigating the next attack launched from inside the network.
- Preparing for a disaster
Be prepared with a good disaster recovery plan. The DRP is designed to assist companies in responding quickly and effectively to a natural disaster or terror event and restore business as quickly as possible.
Read more: Preparing a disaster recovery plan.
Register here for Security, compliance and common sense.
2 Comments so far
I have found that having staff sign the AUP annually when annual performance reviews are being done is an effective way to reinforce the policy. The document gets filed with the review documents in the employee’s personal file.
It is a great time to discuss this issue as it goes to “expected behaviour” that management has of its staff.