With a chief information security officer and key roles established for policy and training, engineering and operations, risk assessment, and security testing and compliance, we are ready to execute on opportunities, challenges, and expansion that await the Church. Leadership and Governance Which is more vital to security in an organization: the right people or the right conceptual-framework? The Trusted Computer System Evaluation Criteria (TCSEC), also known as the Orange Book, on computer security for the Department of Defense was first published in 1983 by a team of top scientists at the National Security Agency (NSA). Its groundbreaking information was considered useful for almost two decades, a singular accomplishment in the realm of technology. While the right people and the right criteria are both important, leadership and the staffing of key roles have been vital to beginning a new age of information security at the Church. While working at NSA, the INFOSEC chief scientist mentioned to me that no matter how great or important any produced criteria were, the criteria would only be sustainable as long as the right people were attracted, retained, and cultivated by the organization. At the Church, we are now beginning to adopt recognized standards and implement a governance framework that increases accountability and improves results. Leadership and governance is the cornerstone of our information security. Read more.
Continue reading at the original source →