Blog Posts Tagged with "Management"

Spending Your 2012 IT Security Budget - Beware of Cheap

January 28, 2012 Added by:Rafal Los

If you can't be good, be cheap - the battle cry of the second-rate vendor. After spending 4 years as part of a world-class sales organization, I can tell you with no uncertainty that I've seen some of my competitors do some absolutely insane things to compete...

Comments  (3)

On Enterprise-Wide Risk Management

January 23, 2012 Added by:Michele Westergaard

Certain tasks can be defined via policy as needed but are really the small part of the role. An overarching role is to understand the key issues facing the organization, creatively challenge business processes by asking what can go wrong, then working to plug the potential holes...

Comments  (0)

Don’t Shoot the Messenger, Fire the Chief Compliance Officer

January 19, 2012 Added by:Thomas Fox

In the post Sarbanes-Oxley world, the CCO is a linchpin in organizational efforts to comply with applicable law. When a company fires or asks them to resign, it is of significance for all involved in corporate governance and should not be done at the CEO alone...

Comments  (0)

Security and the Theory of Constraints

January 16, 2012 Added by:Danny Lieberman

Security management is tricky. It’s not only about technical controls and good software development practice. It’s also about management responsibility. If you remember the Theory of Constraints, there is only one thing that limits a system's (or company's) performance...

Comments  (0)

Boards of Directors and Compliance: Four Areas of Inquiry

January 02, 2012 Added by:Thomas Fox

Any best practices compliance program has several moving parts, a CCO to lead the compliance program, a Compliance Department to execute the strategy and an engaged Board of Directors who oversee and participate. We applaud Hutchens approach and commend it for use by a company’s BoD...

Comments  (0)

Risk Management – More Than Just Risk Assessment

December 22, 2011 Added by:Thomas Fox

Risk management must be linked to the organization’s purpose and goals. Your company must be disciplined. It cannot simply develop a risk assessment and then not use it to look at risk generally. As important as systems are, they must be practical, and linked to what your company does...

Comments  (0)

Security: Three Tips When Speaking to the Board of Directors

December 16, 2011 Added by:Jason Clark

Many CISOs are getting questions specifically about whether they are protected from targeted attacks, malware, and data breaches. And many of these questions are coming from people who don’t really know what terms like “targeted attack” or “malware” actually mean - the Board of Directors...

Comments  (4)

Compliance: Is Water Wet or is Jack Webb Still the Man?

December 13, 2011 Added by:Thomas Fox

One of the constant refrains for any compliance officer is responding to employees’ inquiries. Questions come in all shapes and sizes and from all over the world. The compliance professional must try to ascertain the facts to give an intelligent, coherent and, hopefully correct response...

Comments  (0)

The Visible Hand: A New Compliance Model

December 09, 2011 Added by:Thomas Fox

A company should look for small ways to expand employee autonomy in the compliance area. This does not mean a complete abdication of the role of the Compliance Department, but it does mean a notch-by-notch transfer of authority to persons in the field...

Comments  (0)

Data Loss Prevention - Without the New Blinky Boxes

December 08, 2011 Added by:Rafal Los

The glut of blinking lights and devices that require time and effort to manage has gotten out of control... or so I'm being told. I've not managed a security team in 4 years now, but even back then the glut of boxes, products and solutions was becoming too much to bear. I can only imagine it now...

Comments  (1)

Infosec: Homer Simpson or George Washington?

November 28, 2011 Added by:Ali-Reza Anghaie

Consider three fields when pondering infosec strategies: Defense, Economics, and Healthcare. All three have grasped nonlinear preventative and swarm tactics in a way we would be wise to consider. And like infosec, all three also have snake oil salesmen and demons to satiate...

Comments  (1)

Ineffective CISOs Foster Shady Vendor Practices

November 23, 2011 Added by:Boris Sverdlik

The question remains how much faith is too much to put in the hands of your vendors? Without a thorough analysis of the inner workings of your organization, it is impossible for any external entity to make recommendations on where your reactionary dollars are best spent...

Comments  (0)

Decrypting QSA Qualifications in a Diluted Market Place

November 21, 2011 Added by:Andrew Weidenhamer

One of the biggest challenges is how to determine which 3rd party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...

Comments  (0)

Three Words to Describe Enterprise Security

November 16, 2011 Added by:Rafal Los

We're cynical. Many security professionals and information security management alike are getting fed up with vendors who don't take the time to understand the issues they're facing - and simply to to sell, sell, sell...

Comments  (0)

#EntSec pt. II -- Accepting Exceptional Mediocrity

November 04, 2011 Added by:Ali-Reza Anghaie

Respect of a brand can carry through decades. It's my belief that if you influence through Enterprise Security, you will attract a better breed of customer and customer loyalty. This is a worthy selling point and worth marketing. And you still don't have to shave or put on shoes to do it...

Comments  (0)

Compliance: Telling the Board What it Needs to Know

November 03, 2011 Added by:Thomas Fox

In an article entitled “Telling Your Board What it Needs to Hear”, author Arielle Bikard discusses the views of Pfizer Inc’s Chief Compliance Officer (CCO), Douglas Lankler, on how he keeps the Pfizer Board of Directors up to date on compliance issues...

Comments  (1)
