InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘ENISA’

Getting funding for Security Initiatives by ENISA

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 8, 2008

In my last seminar for ISACA Manila on Introduction to ISMS, I was asked a question on how to get approval for funding for security projects. I answered that Awareness was key. Upper level management has to have an idea of what the risks are to their organization, and the possible consequences, because coming up with the solution would not matter if there doesn’t seem to be a problem. I then said that a report by ENISA (European Network and Information Security Agency) might help. The report I was talking about was “Obtaining support and funding from senior management.”

The report talks about five areas identified as being crucial in obtaining corporate security investments:

  1. Define the investment rationale and the stakeholders.
  2. Build a persuasive business case to make senior management better understand the value of the investment.
  3. Estimation of costs: allows organisations to identify the most common expenses which they may incur and make rough estimates.
  4. Linking business benefits to information security initiative, define and calculate performance metrics.
  5. Detail a typical path to face a corporate executive in a senior management briefing. Effective communication is critical: the right information should be delivered at the right time, in the right manner, preferably 6-12 months ahead of the project.

For more information and where you can download the report, click here. And since we’re talking about awareness and awareness is the best control for social engineering, ENISA also has a whitepaper on “How to avoid on-line manipulation.”

Another good article that talks about different approaches that can help influence management for their approval is ISMS Implementation – The bottom-Up approach.


Updated Links

I updated the Security Awareness and Training Links to include Microsoft’s TechNet on Security Awareness. The free 120 MB zip file includes Security Awareness Program Development Guidance, Sample Awareness Materials, Sample Training Materials, and the following sample templates:
* Brochure Templates
* E-Mail Invite Template
* Fact Sheet Templates
* FAQs
* Newsletter Template
* Poster Templates
* PowerPoint Templates
* Quick Reference Card

I also added a Philippine Tech Blogs links page.

Posted in Awareness, ISMS, Whitepapers

Social Networking Articles about the Philippines

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 4, 2008

A couple of interesting articles about Social Networking in the Philippines have come out in the past few months.

  • (Inquirer.net) Friendster fame, magnet for ads,
  • (Inquirer.net) Filipinos still make up big chunk of Friendster users,
  • (Inquirer.net) RP has highest percentage of social network users.
  • Wikipedia even has an article on Social Networking in the Philippines.

1to1Media published an article regarding social networking sites such as Facebook and Multiply in Photo Tagging Portends New Frontier for Privacy Pros.

If you’re interested in Social Networking and Social Engineering attacks using them, you might want to check out ENISA’s podcast on Locking Down Social Networking Vulnerabilities, which was given at Infosecurity Europe 2008 earlier this year. ENISA also has a Position Paper on Security Issues and Recommendations for Online Social Networks, which was presented at the eChallenges conference in The Hague on Oct 25, 2007. You can download the 36-page PDF from the above link.

Posted in News, Philippines, Privacy, Social Networking