<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>Governance Professional Qualifications by ruth sutton</title>
      <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9</link>
      <description></description>
      <language>en-us</language>
      <pubDate>2021-03-02 13:05:29 UTC</pubDate>
      <lastBuildDate>2022-01-24 15:38:25 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url></url>
      </image>
      <item>
         <title>Piotr Czajkowski</title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002501700</link>
         <description><![CDATA[<div>The governance professional acts <strong>as organisational memory</strong>, ensuring compliance, maintaining ethical considerations, and advising on solutions.</div>]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:12:22 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002501700</guid>
      </item>
      <item>
         <title>Cameron</title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002507329</link>
         <description><![CDATA[<div>CISO - They oversee all of the different Information security activities,&nbsp;setting out to achieve or establish the companies vision and work with staff to be able to develop this into something the company can use, (Such as helping bring in a Cyber Security Culture, or ISO 27001) </div>]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:15:59 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002507329</guid>
      </item>
      <item>
         <title>Arby </title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002507606</link>
         <description><![CDATA[<div>Vulnerability Assessor - Scan applications / systems to identify vulnerabilities, using manual testing techniques including creating scripts and apps for vulnerability testing. After testing, creating vulnerability assessments as reports.&nbsp;<br><br>Auditors (Information systems) - Implementing an audit strategy, planning and conducting audits, then performing re-examinations to see if the recommendations have been put in place. It also includes evaluating risk management practices, evaluating practices vs control framework.<br><br>Ops Security Manager - Responsible for maintaining the safety and security of an organisation. </div>]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:16:10 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002507606</guid>
      </item>
      <item>
         <title>Dawn Cornforth - CISCO - A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance (e.g. supervises the implementation to achieve ISO/IEC 27001 certification for an entity or a part of it). The CISO is also responsible for protecting proprietary information and assets of the company, including the data of clients and consumers. CISO works with other executives to make sure the company is growing in a responsible and ethical manner.Typically, the CISO&#39;s influence reaches the entire organization. Responsibilities may include, but not be limited to:Computer emergency response team/computer security incident response teamCybersecurityDisaster recovery and business continuity managementIdentity and access managementInformation privacyInformation regulatory compliance (e.g., US PCI DSS, FISMA, GLBA, HIPAA; UK Data Protection Act 1998; Canada PIPEDA, Europe GDPR)Information risk managementInformation security and information assuranceInformation security operations center (ISOC)Information technology controls for financial and other systemsIT investigations, digital forensics, eDiscoveryHaving a CISO or an equivalent function in organizations has become standard practice in business, government, and non-profits organizations. By 2009, approximately 85% of large organizations had a security executive, up from 56% in 2008, and 43% in 2006. In 2018, The Global State of Information Security Survey 2018 (GSISS), a joint survey conducted by CIO, CSO, and PwC,[1][2] concluded that 85% of businesses have a CISO or equivalent. The role of CISO has broadened to encompass risks found in business processes, information security, customer privacy, and more. As a result, there is a trend now to no longer embed the CISO function within the IT group. In 2019, only 24% of CISOs report to a chief information officer (CIO), while 40% report directly to a chief executive officer (CEO), and 27% bypass the CEO and report to the board of directors. Embedding the CISO function under the reporting structure of the CIO is considered suboptimal, because there is a potential for conflicts of interest and because the responsibilities of the role extend beyond the nature of responsibilities of the IT group.In corporations, the trend is for CISOs to have a strong balance of business acumen and technology knowledge. CISOs are often in high demand and compensation is comparable to other C-level positions that also hold a similar corporate title.A typical CISO holds non-technical certifications (like CISSP and CISM), although a CISO coming from a technical background will have an expanded technical skillset. Other typical training includes project management to manage the information security program, financial management (e.g. holding an accredited MBA) to manage infosec budgets, and soft-skills to direct heterogeneous teams of information security managers, directors of information security, security analysts, security engineers and technology risk managers. Recently, given the involvement of CISO with Privacy matters, certifications like CIPP are highly requested.A recent development in this area is the emergence of &quot;Virtual&quot; CISOs (vCISO, also called &quot;Fractional CISO&quot;).[3] These CISOs work on a shared or fractional basis, for organizations that may not be large enough to support a full-time executive CISO, or that may wish to, for a variety of reasons, have a specialized external executive performing this role. vCISOs typically perform similar functions to traditional CISOs, and may also function as a &quot;interim&quot; CISO while a company normally employing a traditional CISO is searching for a replacement.[4] Key areas that vCISOs can support an organization include:Advising on all forms of cyber risk and plans to address themBoard, management team, and security team coachingVendor product and service evaluation and selectionMaturity modeling - https://en.wikipedia.org/wiki/Chief_information_security_officer#:~:text=A%20chief%20information%20security%20officer%20%28%20CISO%29%20is,ensure%20information%20assets%20and%20technologies%20are%20adequately%20protected.operations and engineering team processes, capability and skillsBoard and management team briefings and updatesOperating and Capital budget planning and review</title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002508026</link>
         <description><![CDATA[]]></description>
         <enclosure url="https://en.wikipedia.org/wiki/Chief_information_security_officer#:~:text=A%20chief%20information%20security%20officer%20%28%20CISO%29%20is,ensure%20information%20assets%20and%20technologies%20are%20adequately%20protected." />
         <pubDate>2022-01-20 10:16:25 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002508026</guid>
      </item>
      <item>
         <title>James Silver</title>
         <author>jamesmoseley1998</author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002509541</link>
         <description><![CDATA[<div>CISO - Someone who oversees strategic, operational and budgetary aspects of data management and protection. - The people who makes and develops security procedures for business's or organizations.&nbsp;<br>SOC - Analyst who works as part of a team to help monitor and fight security threats to organizations infrastructures.<br>PT / EH - Technician who, with permission, tests out organizations infrastructure via hacking into them and making security reports.<br>Risk and Compliance Manager<br>Security Architect<br>Security Manager</div>]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:17:19 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002509541</guid>
      </item>
      <item>
         <title>Chief Information Security Officer (CISO)Security Operations Centre analyst ( SOC)Penetration Tester / Ethical HackerGovernance Risk and Compliance Manager ( GRC)Security ArchitectOperational Security Manager</title>
         <author>ruthsutton3aaa</author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002510606</link>
         <description><![CDATA[]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:17:57 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002510606</guid>
      </item>
      <item>
         <title>Vulnerability AssessorsPenetration TestersAuditors: ISO 27001 auditorsHMG accreditors</title>
         <author>ruthsutton3aaa</author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002511477</link>
         <description><![CDATA[]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:18:30 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002511477</guid>
      </item>
      <item>
         <title>Adeel</title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002512982</link>
         <description><![CDATA[<div>Certified Information Systems Auditor (CISA) refers to a designation issued by the Information Systems Audit and Control Association (ISACA). The designation is the global standard for professionals who have a career in information systems, in particular, auditing, control, and security. CISA holders demonstrate to employers that they have the knowledge, technical skills, and proficiency to meet the dynamic challenges facing modern organizations.</div>]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:19:26 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002512982</guid>
      </item>
      <item>
         <title>Liam</title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002513654</link>
         <description><![CDATA[<div><br>Responsibilities may include, but not be limited to:<br><br></div><ul><li><a href="https://en.wikipedia.org/wiki/Computer_emergency_response_team">Computer emergency response team</a>/computer security incident response team</li><li><a href="https://en.wikipedia.org/wiki/Cybersecurity">Cybersecurity</a></li><li><a href="https://en.wikipedia.org/wiki/Disaster_recovery">Disaster recovery</a> and <a href="https://en.wikipedia.org/wiki/Business_continuity_management">business continuity management</a></li><li><a href="https://en.wikipedia.org/wiki/Identity_and_access_management">Identity and access management</a></li><li><a href="https://en.wikipedia.org/wiki/Information_privacy">Information privacy</a></li><li>Information <a href="https://en.wikipedia.org/wiki/Regulatory_compliance">regulatory compliance</a> (e.g., US <a href="https://en.wikipedia.org/wiki/PCI_DSS">PCI DSS</a>, <a href="https://en.wikipedia.org/wiki/FISMA">FISMA</a>, <a href="https://en.wikipedia.org/wiki/GLBA">GLBA</a>, <a href="https://en.wikipedia.org/wiki/HIPAA">HIPAA</a>; UK <a href="https://en.wikipedia.org/wiki/Data_Protection_Act_1998">Data Protection Act 1998</a>; Canada <a href="https://en.wikipedia.org/wiki/PIPEDA">PIPEDA</a>, Europe <a href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation">GDPR</a>)</li><li><a href="https://en.wikipedia.org/wiki/Information_risk_management">Information risk management</a></li><li><a href="https://en.wikipedia.org/wiki/Information_security">Information security</a> and <a href="https://en.wikipedia.org/wiki/Information_assurance">information assurance</a></li><li><a href="https://en.wikipedia.org/wiki/Information_security_operations_center">Information security operations center</a> (ISOC)</li><li><a href="https://en.wikipedia.org/wiki/Information_technology_controls">Information technology controls</a> for financial and other systems</li><li>IT investigations, <a href="https://en.wikipedia.org/wiki/Digital_forensics">digital forensics</a>, <a href="https://en.wikipedia.org/wiki/EDiscovery">eDiscovery</a></li></ul><div><br>Security Architect - A security architect creates and designs security for a system or service, maintains security documentation and develops architecture patterns and security approaches to new technologies. Skills required are Analysis, Communication SKills, Design Secure Systems, Enabling and informing risk based decisions, Research and Innovation, Specific security technology and understanding</div>]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:19:46 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002513654</guid>
      </item>
      <item>
         <title>Rebecca </title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002516315</link>
         <description><![CDATA[<div><strong>CISO - </strong>senior-level executive within an organisation responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.<br><strong>SOC -</strong> is a cybersecurity professional who works as part of a team to monitor and fight threats to an organisation's IT infrastructure, and to assess security systems and measures for weaknesses and possible improvements. <br><strong>Pen Tester - </strong>ethical hacker, is an authorised simulated cyberattack on a computer system.<br><strong>GRC Manager -</strong> is<strong> </strong>responsible for the assessing and documenting of the organisation's compliance and risk posture as they relate to the its information assets.<br><strong>Sec Architect -</strong> management-level individuals who oversee the security of an organisation’s network.<br><strong>Ops Sec Manager - </strong>is responsible for maintaining the safety and security of an organisation, inspecting the facility's condition, the performance of operational tools and equipment, and the compliance of workstream processes to the safety regulations and protocols of the company.</div>]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:21:20 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002516315</guid>
      </item>
      <item>
         <title>Dawn Cornforth - Responsibilities of Ethical Hackers and Penetration Testers - Ethical hackers and penetration testers have similar daily responsibilities in that they work to expose vulnerable areas in the network of a company in order to prevent hacks, viruses, and other forms of security attacks. Ethical hackers use their expertise to test attacks on a network the way a malicious hacker would, exposing security flaws and fixing these areas of concern. Penetration testers roles are a little broader, overseeing security in everything from mobile applications to source code. They may also work more directly with employees on the safety of their daily work and routine computing practices.https://bestaccreditedcolleges.org/articles/ethical-hacker-vs-penetration-tester.html</title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002517621</link>
         <description><![CDATA[]]></description>
         <enclosure url="https://bestaccreditedcolleges.org/articles/ethical-hacker-vs-penetration-tester.html" />
         <pubDate>2022-01-20 10:22:05 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002517621</guid>
      </item>
      <item>
         <title>Cameron</title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002518427</link>
         <description><![CDATA[<div>ISO 27001 Lead Auditor - The lead auditor is responsible for the carrying out the main part of the audit, they look at a section of the items within an information security management system and from that deem whether or not a company is fit to be certified as an ISO 27001 holder.&nbsp;<br><br>These activties can be anything from document review, to observation or even interviews, and can cover any items within the ISO 27001 ISMS.</div>]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:22:36 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002518427</guid>
      </item>
      <item>
         <title>Adeel</title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002520154</link>
         <description><![CDATA[<div>A SOC analyst is a cybersecurity professional who works as part of a team to monitor and fight threats to an organization's IT infrastructure, and to assess security systems and measures for weaknesses and possible improvements. The SOC in the job title stands for security operations centre; this is the name for the team, which consists of multiple analysts and other security pros, and often works together in a single physical location. A SOC may be an internal team serving a single enterprise or an outsourced service providing security for one or more external clients.</div>]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:23:41 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002520154</guid>
      </item>
      <item>
         <title>Samuel</title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002522183</link>
         <description><![CDATA[<div><br>Penatration Tester/Ethical Hacker acts as external threat in order determine the weaknesses in an organisations network.<br><br>CISO - The chief information security officer (CISO) is the executive responsible for an organization's information and data security<br><br><br><br>&nbsp;</div>]]></description>
         <enclosure url="" />
         <pubDate>2022-01-20 10:24:54 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002522183</guid>
      </item>
      <item>
         <title>Dawn Cornforth - A risk compliance manager ensures that the organization conducts its business processes in compliance with laws and regulations, professional standards, international standards, and accepted business practices.  These professionals perform audits at regular intervals and execute design control systems, advising the management on possible risks that might occur, and organization policies.The major task of a compliance manager is to uphold the ethical integrity of the organization and also ensure that business activities are conducted using a regulatory framework. These professionals carry out the risk management process by thorough planning of business and implementing the policies within the organization. https://www.invensislearning.com/blog/risk-compliance-manager-roles-responsibilities/#:~:text=Risk%20compliance%20managers%20are%20considered%20to%20be%20a,adhering%20to%20the%20objectives%20set%20by%20the%20organization.</title>
         <author></author>
         <link>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002522627</link>
         <description><![CDATA[]]></description>
         <enclosure url="https://www.invensislearning.com/blog/risk-compliance-manager-roles-responsibilities/#:~:text=Risk%20compliance%20managers%20are%20considered%20to%20be%20a,adhering%20to%20the%20objectives%20set%20by%20the%20organization." />
         <pubDate>2022-01-20 10:25:09 UTC</pubDate>
         <guid>https://padlet.com/ruthsutton3aaa/hwx20l4tpj6c05g9/wish/2002522627</guid>
      </item>
   </channel>
</rss>
