- O-ISM3
-
Articles
- Ten ways ISMS fail
- How can you Measure how Secret a Secret is?
- What is the Maturity of your ISMS?
- Risk, Investment and Maturity
- Compliance vs Continuous Improvement
- A primer in Metrics driven Process Management
- Process Management with Security Metrics
- Measuring Security
- Beyond Authentication, Authorization and Accounting
- Return On Security Investment
- Standards, standards, standards, Are they any good?
-
by Vicente Aceituno Canal
- Slideshare
- Youtube
- Youtube (Spanish)
- Contact
-
Foundations
- Ask Smart Questions to Set Security Service Levels
- Can you pass the O-ISM3 Test?
- The CIA triad is not helping you as much as you think
- Advanced Classification of Information
- Security Foundations Series: Secrecy
- Security Foundations Series: Privacy
- Security Foundations Series: Availability
- Security Foundations Series: Expiration
- Security Foundations Series: Retention
- Security Foundations Series: Quality
- Security Foundations Series: Compliance
- Security Foundations Series: Technical Objectives
- Security Foundations Series: Intellectual Property you Own
- Security Foundations Series: Intellectual Property you Use
- What is an Operational, Positive Definition of Security
- Operational Definitions for Security
- Information Assurance Markup Language
- Security Quarks help communicate with non IT people
- Security Quarks and the Cookie Monster
- Information Security Paradigms
Information Security Professional
Cybersecurity management leader; actively challenging established practices with proven and practical alternatives. Over 15 years experience in management of information security, I am the lead author of the Information Security Management Standard O-ISM3, published by The Open Group in 2011 (updated version to be published in 2017). My unique skills are:
- Making information security understandable for everyone, including the business stakeholders.
- Translating business needs into security requirements.
- Integration of information security with other IT practices (infrastructure, software development, outsourced services)
- Designing and leveraging Information security metrics.
I have been long involved in the development of my profession: former President of the Spanish chapter of the Information Security Systems Association; former President of the First Information Security Testing Conferences. Member of the Security Forum Steering Committee of The Open Group; ISMS Forum Member, ISACA member.
My articles have been published in ISACA's Control, the ISSA Journal, SC Magazine Online, Pentest Magazine, ENISA Quarterly, Revista SIC, Red/Seguridad.