Enterprise risk management

How do companies currently face and manage risks? Do their diverse risk management functions still work in silos? Where does information security fit in this risk management puzzle? These questions, among others, are the triggers for the academic information security study presented on this site.

The study investigates how linking information security with operational risk management benefits any organisation. It has the following sections:

Executive summary
The risk house model
Outcome of the survey: Demographics
Outcome of the survey: Interpretation
Literature review: Thinking path
Literature references
Literature review: Summary
In a nutshell
Present and future
Annex: Link to the survey
Annex: Survey questions
Annex: Survey questions (Spanish)

Information Systems Security sites

- Secure home pc: This site regularly posts articles on day-to-day topics related to endpoint computer security. It targets computer users who are not IT experts but would still like to have a secure computer for their daily activities (email, banking, blogging, sharing, etc.).

Security papers

Practical paper about the 8 critical success actions for Information Security in the SANS Leadership Laboratory.

If you are interested in the presentation regarding the 8 critical success actions for an information security function, please leave a comment on this blog.

Paper on two forensic cases, hidden company files and a USB memory stick (submitted for the SANS GIAC Gold Forensic Analyst Certification).

Paper about the DMZ of a start-up (submitted for the SANS GIAC Gold Firewall Analyst Certification).

Paper on secure application development (submitted for the SANS GIAC Gold Security Essentials Certification).

Article on BlackBerry deployment in SANS Advisor.

Paper on critical success factors in information security (co-author).

The 8 Critical Success Actions for Infosec: Presentation

This presentation provides some tips about how to create an information security function. It is based on the paper titled 'Eight Critical Success Actions for Information Security'.