• 22Jan

    The Holistic Information Security Practitioner (HISP) training and certification supports our learning in compliance and information security by complementing other personal certifications we may already have such as CISSP, CISA, CISM and CFA. HISP provides a good grounding in international best practices for information security and audit governance by integrating ISO 27000 standards along with ITIL, COBIT and COSO. We all are aware of these control structures, but how do we work to create a holistic program for our organizations and customers and not disparate projects?

    HISP courses are running throughout the US and on April 27 - May 1 Radian Compliance will host EFortress as they teach this course at our Naperville Training Center.  Click here for registration information and to learn more about the HISP certification.

  • 09Jan

    ASIS International has formed a Technical Committee to develop a Business Continuity Standard for the United States. This committee is made up of over 160 people from around the world, who are Business Continuity Management practitioners, standards developers and members of Business Continuity Institutions such as DRII. A subset of this committee has been selected to come together as a working group to write the new standard based on committee input. Lisa DuBrock, Radian Compliance’s Managing Partner, is not only a member of the Technical Committee, but has been selected to be a member of the working committee. The first meeting is set for next week, January 15th and 16th in Arlington, Virginia.

    The committee has been soliciting initial comments from practitioners world-wide to be used by the working group when developing the new standard. These comments are due 1/9/09. ASIS has also decided that they will utilize BS 25999 as a starting point for this standard. As a Technical Expert for BSI Management Systems, the certifying body for BS 25999, Lisa is excited that this standard will be recognized as the jumping off point for this effort.

    Lisa will provide an update to this blog upon her return next week from Arlington. Until then… be safe.

  • 07Jan

    Security: Risk and Reward By Andreas M. Antonopoulos , Network World , 12/30/2008

     Though these predictions are based on primary research and many, many discussions with chief security officers, they concern information security only and can be affected by external factors that are unpredictable (at least by me). 

    Relevant Predictions…

    Regulatory compliance will be back with a vengeance. All the scandals and Ponzi schemes you heard about in 2008 will become subtitles for new regulations in 2009 and beyond. Regulations in hedge funds, credit-default swaps and derivatives are just the beginning. A whole new industry of auditors, special software and consultants will rise to meet the challenge. You thought the Sarbanes-Oxley Act was a pain? Just wait.

    Security projects will struggle for funding. It will take a lot of arguing to get a budget for more than upkeep in 2009. But wait, regulatory compliance comes to the rescue: Use compliance to push through budget requests on everything. It’s 2007 all over again!