Will it make a difference if we do security for business sake?
Security departments and the business always clash when it comes to justifying security expenses in a business context (what did you buy that NAC device for?). My idea is basically that everything the security department does should be prefixed with the word "business", e.g. business cybersecurity, business security incident management, business penetration test (you get the idea). By doing this, the mindset shifts from doing security for security's sake to doing security for the business (not in the business of information security). My simplified model below reflects this SABSA thinking, and I will expand on it at a later date.
A certified Information Security professional with demonstrated experience spanning more than 10 years in the financial, banking, consulting, and payment card industries in managing Information Security System Management (ISMS).
A postgraduate degree holder in Information Security Management (M.Sc); Certified Information Security Manager (CISM), Payment Card Industry Qualified Security Assessor (PCI QSA), SABSA Chartered Security Architect (SCF), ISO 27001 Lead Auditor, CREST Registered Technical Security Architect (TSA), CREST Registered Penetration Tester (CRT), and a member of ISACA.
Demonstrated to be a reliable, trustworthy, and meticulous person; has worked in controls-focused, multinational, and multicultural organisations over the years and gained a good understanding of what is required of the Information Security professional.
Specialties:
ISMS based on ISO/IEC 27001/2
Payment Card Industry (PCI) DSS - QSA led services - PCI Scoping, Gap Analysis and Formal Assessment (RoC)
IT Governance, Risk and Compliance (GRC) Management
Cyber Security
Penetration Testing
Enterprise Security Architecture
Technical Security Architecture
View all posts by kinyoka