<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Information Assurance on Bill Brown:Thoughts and Reference Material Online</title><link>https://www.billbrown.info/series/information-assurance/</link><description>Recent content in Information Assurance on Bill Brown:Thoughts and Reference Material Online</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>BillBrown.info</copyright><lastBuildDate>Thu, 14 May 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://www.billbrown.info/series/information-assurance/index.xml" rel="self" type="application/rss+xml"/><item><title>Building an Information Assurance Plan with ISO 27002</title><link>https://www.billbrown.info/post/building-information-assurance-plan-iso-27002/</link><pubDate>Thu, 14 May 2026 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/building-information-assurance-plan-iso-27002/</guid><description>
&lt;h2 id="building-an-information-assurance-plan-with-iso-27002"&gt;Building an Information Assurance Plan with ISO 27002&lt;/h2&gt;
&lt;p&gt;This proposal has been assembled to address the void of an Information Assurance (IA) program at the Heavy Metal Engineering (HME) Corporation. The proposal will lay out an IA plan for HME that includes an overview of IA requirements and discusses the fundamentals of the IA approach. The proposal includes an approach to implementing the recommended framework and a risk mitigation strategy for the business. Methods for incident response in the case of an unwanted intrusion occurring will be covered. The last part of the proposal will cover the HME disaster recovery plan for the worldwide organization.&lt;/p&gt;</description></item><item><title>Trust, CIA Triad, and Safeguards in Information Security</title><link>https://www.billbrown.info/post/trust-and-safeguards-in-information-security-an-organizational-perspective/</link><pubDate>Sat, 14 Mar 2026 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/trust-and-safeguards-in-information-security-an-organizational-perspective/</guid><description>
&lt;h2 id="trust-and-safeguards-in-information-security-an-organizational-perspective"&gt;Trust and Safeguards in Information Security: An Organizational Perspective&lt;/h2&gt;
&lt;h2 id="hahahugoshortcode73s0hbhb"&gt;The word &amp;quot;Trust&amp;quot; is defined as related to information security. Based on ones
understanding of securing your environment, what are some of the common safeguards is recommend
to ensure trust is viable in an organization?
&lt;/h2&gt;
&lt;h2 id="defining-trust-in-information-security"&gt;Defining Trust in Information Security&lt;/h2&gt;
&lt;p&gt;Trust as defined by Jacobs (2016) is a characteristic allowing one entity to assume that a second
entity will behave exactly as the first entity expects. Trust can be viewed as assurance in the
honesty, skill, character, and certainty of a person or thing.&lt;/p&gt;</description></item><item><title>Personnel and Physical Security in Information Assurance</title><link>https://www.billbrown.info/post/personnel-and-physical-security-in-information-assurance/</link><pubDate>Fri, 13 Mar 2026 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/personnel-and-physical-security-in-information-assurance/</guid><description>
&lt;h2 id="personnel-and-physical-security-in-information-assurance"&gt;Personnel and Physical Security in Information Assurance&lt;/h2&gt;
&lt;h2 id="personnel-security"&gt;Personnel Security&lt;/h2&gt;
&lt;p&gt;Processes and procedures are needed to protect personnel security, as Jacobs (2015) points out. The employee's responsibilities need to be defined, and the employee must qualify for the role, so that the risk of theft, fraud, or misuse of assets by the employee is reduced.
An excellent example of checking personnel security or identities occurs in businesses that do work on behalf of the government. Each employee, visitor, supplier, and anyone else who interacts with the organization must have their identity checked and verified. In some cases, foreign personnel are unable to participate in specific meetings or to conduct business in various parts of the building due to the sensitive nature of the information handled and discussed. Security policies and procedures for the organization identify what personnel can and cannot do, including termination or disciplinary action taken for any wrongdoing, as discussed by Jacobs (2015). Regular training by the organization is required to be sure team members are up to date with regulations and required constraints that need to be followed. At the time of employment, as Jacobs (2015) describes, a job description already in place is provided to the employee, and the terms and conditions of the employment should be provided as defined by the human resources, compliance, and legal teams. The job description should include any security roles and responsibilities required of the job candidate. A candidate background check and drug test should also be conducted before taking on a candidate for employment, which will identify any pre-existing issues with the candidate. If the candidate is hired, the employment contract and nondisclosure agreement should be completed before any organizational assets are provided to the new employee.&lt;/p&gt;</description></item><item><title>Risk Management in Security Systems Engineering Explained</title><link>https://www.billbrown.info/post/risk-management-critical-element-of-security-systems-engineering/</link><pubDate>Thu, 12 Mar 2026 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/risk-management-critical-element-of-security-systems-engineering/</guid><description>
&lt;h2 id="risk-management-as-a-critical-element-of-security-systems-engineering"&gt;Risk Management as a Critical Element of Security Systems Engineering&lt;/h2&gt;
&lt;hr&gt;
&lt;p&gt;Explain how Risk Management is a critical element of Security Systems engineering.
Also discuss how Risk Management is a critical component of Security Systems engineering.
Why is Risk Management a critical element of Security Systems engineering?&lt;/p&gt;
&lt;hr&gt;
&lt;h2 id="defining-risk-in-security-systems"&gt;Defining Risk in Security Systems&lt;/h2&gt;
&lt;p&gt;Risk Management is a critical component of Security Systems engineering. To understand risk management, let's first understand what risks, vulnerabilities, and threats are in relation to security systems. The combination of a threat with a vulnerability best defines risk within the realm of security, as described by Bejtlich (2004).&lt;/p&gt;</description></item><item><title>Systems Engineering and Information Security in the SDLC</title><link>https://www.billbrown.info/post/systems-engineering-and-information-security-integration-in-the-development-lifecycle/</link><pubDate>Wed, 05 Nov 2025 00:00:00 +0000</pubDate><guid>https://www.billbrown.info/post/systems-engineering-and-information-security-integration-in-the-development-lifecycle/</guid><description>
&lt;h2 id="systems-engineering-and-information-security-integration-in-the-development-lifecycle"&gt;Systems Engineering and Information Security Integration in the Development Lifecycle&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;Topic:&lt;/strong&gt; Systems Engineering and Information Security&lt;/p&gt;
&lt;h3 id="systems-engineering-overview"&gt;Systems Engineering Overview&lt;/h3&gt;
&lt;p&gt;Systems engineering centers on defining the client's requirements and functionality early in the development cycle. Then one refines and documents the requirements that represent the needs. The method continues into design synthesis, development, system validation, deployment, operation, and retirement while considering the entire problem, also known as the system life cycle (Jacobs, 2016, p. 31). In short, systems engineering is an interdisciplinary method for building complex and technologically diverse systems, as described by Douglass (2016).&lt;/p&gt;</description></item></channel></rss>