Tuesday, May 22, 2012

Must Reads: Useful Books for Managers

Again, as stated in other places, this blog is my own little personal digital shelf, so I can easily find things and direct others to the information later. I will share this one a lot.

Life is incredibly short. In my 20s I laughed at the idea of a mid-life crisis. In my late 30s, quickly approaching 40... I sneezed, blinked, opened my eyes and 20 years flew by.

I heard a preacher say, "You will be the same person with the same problems 20 years from now. The only things that will change this are the books you read and the company you keep." Towards that end, I'm sharing a list of books created by Rob Davis, someone I know well and highly respect.
-----------

[Rob Davis] Below are a few books I've found very useful over the years.
MUST READ FOR FIRST LINE MANAGERS IN ANY FUNCTIONAL GROUP
First, Break All the Rules: What the World's Greatest Managers Do Differently
Influencer: The Power to Change Anything
The Effective Executive: The Definitive Guide to Getting the Right Things Done
What Management Is: How It Works and Why It's Everyone's Business
MUST READ FOR SECOND LINE MANAGERS AND ABOVE IN FIELD SALES
Developing The Leader Within You
Integrity: The Courage to Meet the Demands of Reality
The Extraordinary Leader: Turning Good Managers into Great Leaders
Good to Great: Why Some Companies Make the Leap... and Others Don't
The Channel Advantage

Monday, May 14, 2012

Spreadsheet: ISO PCI HIPAA 800-53 FedRAMP CSA SANS SCSEM CESG

Get the 'Common Authorities on Information Assurance' spreadsheet here. (xlsx)

[2016-02-03 Update]
-- PCIv3.1 controls spreadsheet: http://www.cloudauditcontrols.com/2016/02/pci-dssv31-controls-guidance-testing.html
-- NIST SP 800-53A r4 spreadsheet: http://www.cloudauditcontrols.com/2016/02/sp-800-53a-revision-4-controls.html

Just back from London... where the joke was for me to close a deal at Hogwarts :).

I had some time on the plane to clean and organize material into a single source document. I have much more interesting stuff than this, but alas, I can't share it unless you're a customer. And I like you. And you know how to get into Hogwarts.

There are different spreadsheets floating around with ISO, PCI, NIST, HIPAA, and more so that you can play to your heart's content. Here's mine. Why do I do this? It's fun for me and it forces me to digest to a certain extent what's in there.

We have vCM and Archer, real tools for managing compliance. The spreadsheet does give a quick, compelling view into exactly why a (good) compliance management tool can be sooooo helpful. :) Have fun! It's under the documents tab.

The most complete set of controls?
Recently a customer asked my opinion about which set of controls I thought was the most complete. There are several I like, and some that are far too narrowly focused to build a comprehensive program on. My answer? NIST SP 800-53. Here's a look at some commonly referenced sources.

Common Regulations, Standards, Audit Practices and Guides: SOX | GLBA | FFIEC | Basel II | FCRA | HIPAA | NERC | NRC | CFAA | FISMA | FRCP | FISCAM | Privacy Act of 1974 | Safe Harbor | NYSE | PCI-DSS | COSO | CESG | NIST | ISO 27001:2005 | ISO/IEC 27002:2005 | OGC ITIL | BCI | CobiT | ISACA | AICPA | OECD | CSA | ENISA