InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘Awareness’

Getting funding for Security Initiatives by ENISA

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 8, 2008

In my last seminar for ISACA Manila on Introduction to ISMS, I was asked a question on how to get approval for funding for security projects. I answered that Awareness was key. Upper-level management has to have an idea of what the risks to their organization are, and the possible consequences, because coming up with the solution would not matter if there doesn’t seem to be a problem. I then said that a report by ENISA (European Network and Information Security Agency) might help. The report I was talking about was “Obtaining support and funding from senior management.”

The report talks about five areas identified as being crucial in obtaining corporate security investments:

  1. Define the investment rationale and the stakeholders.
  2. Build a persuasive business case to make senior management better understand the value of the investment.
  3. Estimation of costs: allows organisations to identify the most common expenses which they may incur and make rough estimates.
  4. Link business benefits to the information security initiative; define and calculate performance metrics.
  5. Detail a typical path to face a corporate executive in a senior management briefing. Effective communication is critical: the right information should be delivered at the right time, in the right manner, preferably 6-12 months ahead of the project.

For more information and where you can download the report, click here. And since we’re talking about awareness, and awareness is the best control for social engineering, ENISA also has a whitepaper on “How to avoid on-line manipulation.”

Another good article that talks about different approaches that can help influence management for their approval is “ISMS Implementation – The bottom-Up approach.”

Updated Links

I updated the Security Awareness and Training Links to include Microsoft’s TechNet on Security Awareness. The free 120 MB zip file includes Security Awareness Program Development Guidance, Sample Awareness Materials, Sample Training Materials, and the following sample templates:
* Brochure Templates
* E-Mail Invite Template
* Fact Sheet Templates
* FAQs
* Newsletter Template
* Poster Templates
* PowerPoint Templates
* Quick Reference Card

I also added a Philippine Tech Blogs links page.


Posted in Awareness, ISMS, Whitepapers