Special Interest Group Information Security NL
Floris van den Broek
Information Security NL is a free and open initiative for sharing information on information security. We recommend that anyone who has a security or privacy role in an organization in the Netherlands sign up for this special interest group.
Why a special interest group?
Many organizations in the Netherlands have policies and information security teams, often based on ISO 27001. An important requirement of this standard is that security team members must be connected to other security specialists and keep their knowledge up to date. The suggested way to do this is by being a member of a special interest group. This is for instance stated in the recommended control A6.1.4: “Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained”.
In the Netherlands, a number of existing groups are active and open to new members. However, membership of these groups is not free, sometimes there are limitations, and sometimes these groups are less interesting for people with a technical background. Also, some groups (like meetups) are organized very informally, making it impossible for auditors to verify that people are active members. Therefore, at ICT Institute, we have developed a new Special Interest Group based on modern principles: accessible, open and digital. Become a member via LinkedIn by signing up for the LinkedIn Group ‘Information Security NL’.
The group is accessible to people who are professionally involved in information security in the Netherlands. The group is intended for, for example, information security team members and security officers, but also lead developers with a security focus, privacy officers or data protection officials. A few practical rules:
- People who develop security products or services are allowed to join, but not to promote their business.
- The group is not for absolute beginner questions: we assume that everyone has had a minimum of basic training.
- The group is aimed at the Netherlands. The language is Dutch and English. The group is also accessible to people outside the Netherlands who feel connected to the Netherlands in any way.
- Membership is managed by Sieuwert van Otterloo and Floris van den Broek of the ICT Institute. For questions about membership you can contact them.
How does the group work?
Anyone joining the group can post messages, and read posted messages. At ICT Institute we will post at least once a week and more often if there is more news. Other members may also post if they encounter relevant issues. The following practical rules apply:
- Posts must be short, with a link to a follow-up article for people who want more information.
- Both English and Dutch are allowed.
- You can recommend events or articles of your own organization as long as they are relevant and short. In case of doubt, contact Sieuwert or Floris.
- We are open and not in competition with other groups or companies: if other people organize something interesting, we will give it attention in our group.
- It is allowed and encouraged to join several special interest groups and share information from one group to another. However, keep it short, with a reference to the source.
Anyone who is interested after reading this article can sign up via this link: LinkedIn Group ‘Information Security NL’. Anyone who has questions about the group can contact the ICT Institute. For those who want to know more about information security, we recommend looking at the following resources:
- Summary ISO 27001 Dutch or ISO 27001 English. More background about starting with ISO 27001 is also available in the articles “Getting started with information security”, Plan-Do-Check-Act and Risk Management.
- For alternative standards, look at Security Verified. This is our own faster and lighter standard, inspired by but more efficient than ISO 27001.
- Other special interest groups are the Information Security Platform (PViB), the Dutch Society for Data Protection Officers (NGFG), and the International Association for Privacy Professionals (IAPP, see also this article about IAPP).
- Information about concrete vulnerabilities is always found in the NVD database. Here information is available per product and one can check which versions of products are no longer safe.
- Anyone looking for product standards instead of organizational standards should in any case look at OWASP and PCI-DSS.
Image credit: Lock icon Aleksandr Vector. Door Picture: Samuel Zeller via Unsplash
Dr. Floris van den Broek received his PhD in Computer Science at TU Delft and his Master of Business Administration at University of California, Berkeley. He is a co-founder and director of ICT Institute with a focus on sales and business development. Next to his work at ICT Institute, Floris is on the board of various ICT companies and has been active in private equity. He is also a certified ISO 27001 lead auditor.