Dissemination of Information Security Knowledge

The daily work of an information security practitioner is a rather chaotic one. The challenges have nothing to do with the zero-day attack that may happen any second or with project deadlines. After more than 12 years of experience as an auditor, security manager and security consultant, I have found that the security domain is growing exponentially as users and businesses become more aware of the risks in their even more Internet-connected lifestyle. A security manager's job duties are expanding from purely IT department controls to application controls and even to privacy compliance.

With such rapid development of the risk landscape, the daily work of a security practitioner is no different from studying three to four PhDs concurrently with hundreds of emails arriving in your mailbox. Research in information security and risk management is difficult as it is still evolving and is also closely tied to cultural and management style. Research skills are important, but doing it alone without the direction of and collaboration with other professionals is like the toil of Sisyphus.

“make the knowledge accessible and usable”

The most rewarding experience in my career is the discussion and sharing with people in the industry. By joining activities and meetings organised by PISA, CSA, ISC2 and ISO SC27, I met friends and mentors who are both intellectual and forward-thinking. The idea of having a blog connecting information security professionals in Asia comes from these experiences.

The satellite image at the top only shows that the regions of Asia are physically separated by ocean. It does not show that there are also separations of legislation, language and ideology. These logical separations create some obstacles to close collaboration. Unlike security professionals in the US and EU, who can meet and collaborate relatively conveniently, professionals in Asia will need to rely more on cyberspace for the exchange of ideas.

In short, this team blog has one goal, as stated in the About page: “to inspire more information security professionals and practitioners to come forward and share their knowledge, understanding, and experience with the community.”


About antonyma

Engineering trained, Antony has the qualifications of CISA, Oracle DBA and BS7799 ISMS assessor. He also received an LLM in Intellectual Property & Information Technology Law from The University of Hong Kong. He is the founder of the travel tech startup www.powerdata2go.com. Antony was the Chairman of the Professional Information Security Association (PISA) from 2009 to 2010. He also joined the ISC2 workshop on developing a new cloud security certification.

Current positions include:

1. Chairman of Cloud Security Alliance (Hong Kong & Macau Chapter)
2. Convenor of HK OGCIO Working Group on Cloud Security and Privacy
3. Hong Kong delegate to ISO SC 27 committee, which drafts security standards like ISO27001.

Email: antony.linkedin@gmail.com

Specialties: Retail Banking System & Process, IT Security, Copyright Law, Audit & Control, Technology Risk Management, Cloud Security

3 thoughts on “Dissemination of Information Security Knowledge”

  1. mengchow

    Like the icon. 🙂 Over the years, I also learned that when we share knowledge, it is not a one-way transfer of knowledge. As we share, we gain from the experience in the process: when questions get raised, more understanding emerges, and more learning results. Our understanding will be limited, or may even stagnate, if it is not discoursed.
  2. jeanfrancoisraymond

    Antony, agree that things in this field are changing very rapidly – the world is getting more connected, not less. New devices and ways to interconnect are more and more plentiful. This is clearly making things challenging for IS professionals.

    This having been said, the profession has matured enormously over the last 10 years. Ten years ago, IS professionals were a ragtag crew of mathematicians, network engineers, sysadmins, etc. No one had formal training in IS, best practices/standards were not widely applied and shared, and the broad skill set you refer to (legal, compliance, policies documentation, cryptography, awareness, technology) was often not readily available within IS teams. I know many will disagree with me on this but, I’d argue that today, we mostly “get information security”. Things are not perfect, but we understand what is needed, from training/education and strategy to monitoring and continual improvement. I believe this makes the increased complexity you refer to easier to manage.

    Case in point is cloud computing, a new technology that creates important information security risks. I find it amazing that the security community, mostly through the Cloud Security Alliance, put their heads together and created an impressive cloud information security related body of work in just a few years!

    In conclusion, yes things are getting more complex, but we also have more tools and support than we have ever had.
  3. myung

    “Make the knowledge accessible and usable”

    Indeed, it is the key to why we have the Internet, the web, Wikipedia and blog posts here. Security is a complicated topic to many, especially laymen. It’s time to share our knowledge and experience in an easy-to-understand language, from users’ point of view, and make those really accessible and usable.
