Tiddlywiki For Security Managers: Build A Custom Isms
 

Using an open-source wiki engine to build a tool for ISMS
What you'll learn
Understand the principles and purpose of an Information Security Management System (ISMS)
Design and implement a customized ISMS using TiddlyWiki
See the limitations of commercial and automated security tools
Apply systems thinking to track, manage, and improve security controls
Get empowered to build elegant, maintainable systems without relying on tools you have no controls over
Requirements
Basic understanding of information or cyber security concepts
Willingness to learn something really new and unique
A mindset for building and creating, not just shopping for ready-made products
Comfort with using and customizing short html, css, JavaScript code (beginner)
Description
When managing security many people often keep searching for a "magic" bullet tool. Something that could help them survive in the daily fight with management, end-users, sysadmins, vendors and hackers. They try one product, then another and then yet another.They waste time searching and don't realize: there is no magic bullet you can buy. Speaking from close to 30 years of experience in the security seat we can say - creating your own tool is better and not even so difficult. It's definitely worth the try.Of course, you can always buy an expensive, shrink-wrapped product, but that typically has been designed by a coder, not a security manager. And it shows: you do what they thought you might want to do.A good ISMS is not just a compliance checklist - it's a living system that connects business strategy with day-to-day security operations, it is the nervous system of your cybersecurity.Information security or its subset, cybersecurity, is such an important topic for companies and individuals today that it has to be managed in a systemic way.Regardless of standards, methodologies or best practices that might or might not be mandatory for some businesses, managing security requires some form of system management. That basically means we don't rely on random rules, requirements and controls as we come across them but we try to actively plan, organize, foresee, decide and execute based on "objective" information or data.In short, to manage information security we need a real information system, not a spreadsheet or e-mail with tasks management.
Who this course is for
This course is for creators who want to build their own Information Security Management System (ISMS) from the ground up
A security analyst, IT manager, consultant, or solo founder who wants full control over how security is tracked, documented, and improved.
Local security champions in a small or mid-sized organization who need a lean, customizable ISMS without enterprise-level costs.
Those who believe that systems thinking beats checklist compliance, and want to understand the "why" behind every control they track.