Blog Posts Tagged with "Management"

Compliance: To Boldly Go Where the Board Needs to Go

April 29, 2012 Added by: Thomas Fox

I was thinking about Captain Kirk and his leadership of the Enterprise in the context of issues relating to the Board of Directors' responsibility in a company’s compliance program. Kirk did not have to deal with a BOD, but he did lead from the front, and that is what a CCO must do...

Making Security Metrics That Matter

April 22, 2012 Added by: Robb Reck

The traditional role of security in the organization has been that of a cost-center to be minimized. Security’s success has historically been defined by internally developed measures. We work to create best-practice metrics that show how mature the security program is...

Positioning the Security Team Using Influence Part 2

April 22, 2012 Added by: Steven Fox, CISSP, QSA

Security engineers, analysts, and auditors are apt to use security policies or industry best practices as the foundation of their guidance rather than addressing business needs. While valid in substance, these appeals to authority are perceived negatively...

Roundtable: Opportunities for HR in Consumerization of IT

March 15, 2012 Added by: Kyle Lagunas

Providing access to all sorts of internal systems for both employees and managers can make for a more adaptable organization regardless of size. IT has struggled with this loss of gatekeeper control, but the sound fiscal results are changing the minds of the C-suite...

On Effective Risk Handling

March 08, 2012 Added by: Michele Westergaard

An effective risk management process allows for decision making by management with the best likelihood of achieving the desired results. It is not meant to create a brick wall for management to operate within, but more of a recommended parameter within which to operate...

A Checklist for a Move to the Cloud

February 26, 2012 Added by: Ben Kepes

There’s a flip side to technology democratization in that the high level of accessibility also means that it’s very easy for organizations to set themselves up as vendors – sometimes without the necessary level of professionalism that would be optimal...

Encryption Key Management Primer – Requirement 3.6

February 23, 2012 Added by: PCI Guru

Requirement 3.6.4 always seems to be a sticking point because people get caught up in the key expiration concept. The thing to remember is that whether or not a key expires is typically related to the encryption algorithm such as for those using public key infrastructure...

The CISO as a Capable Catalyst

February 22, 2012 Added by: Rafal Los

"If a CISO initially receives any capability when starting the position, that was capability that was left over from their predecessor. It is now the CISO's responsibility to earn more capability and solidify what may already exist..."

Responsibility vs Capability in the CISO Role

February 17, 2012 Added by: Rafal Los

Capability is often seen as the ability to enforce - whether it's corporate politics, budget, or a top-down reporting structure. If you don't have the capability to force people to follow organization-wide decisions it is difficult to have a solid organization...

Enterprise Security and the Battle Over Productivity

February 11, 2012 Added by: Rafal Los

The trick is, when security can't clearly and absolutely get definition on what employees should and shouldn't be allowed to do, they have to implement the law of least privilege overly aggressively and then things get slow, tedious, and everyone complains about security...

Compliance Due Diligence Checks: Reference Interviews

February 10, 2012 Added by: Thomas Fox

Compliance evaluation is becoming a more common component of the employee selection and hiring process. Many companies now specifically include due diligence in compliance parlance when hiring senior managers or others who will hold high levels of authority...

Penny Wise, Pound Foolish: Avoiding Security Spend Pitfalls

February 07, 2012 Added by: Fergal Glynn

Knowing how much money you’re going to spend upfront is a challenge until you have the application inventory, until you know what your risk tolerances are, and until you have a fair idea of what the problems are. You’ll have to start slow and realize the number may grow...

Time for a Change in our Attitude Around Risk

February 05, 2012 Added by: Norman Marks

When is the last time you saw an audit report that said management had too many controls or was not taking sufficient risk? When did you last hear a risk officer urging planners to move into a new market more quickly? The same thing applies to information security personnel...

Enterprise Ethics: Anticipating Ripples in the Pond

February 04, 2012 Added by: Thomas Fox

It is better to consider the ripple effects of your decision making before throwing that rock into your company’s ethics pond. If you do not do so you can easily run the risk of consequences for which you may have no response, yet be held accountable in your company...

Enterprise Disaster Recovery Planning

February 02, 2012 Added by: Danny Lieberman

DR planning is not about writing a procedure, getting people to sign up and then filing it away somewhere. The disaster recovery plan is designed to assist companies in responding quickly and effectively to a disaster in a local office and restore business as quickly as possible...

Why Infosec Forced Me to Get an MBA

January 31, 2012 Added by: Don Turnblade

How much did restoring, repairing, reimaging, improved firewall rules, down time, legal fines, or direct fraud cost per event? Asking what it is may be too close to that great low pressure system, and you do not need to be struck by lightning. I won't ask and you won't tell...
