Blog Posts Tagged with "Management"


Calculating the Return on Security Investment (ROSI)

June 20, 2011 Added by: Dejan Kosutic

Traditionally, "making sense" for management means that the revenues that will result from the investment will be larger than the total cost of investment. So what's the problem? The problem is, even if you can calculate the total cost, there are no revenues to be made from security...


A Values-Based Approach to Your Compliance Program

June 17, 2011 Added by: Thomas Fox

Moving from rules-based compliance training to an ethics-based approach, there are three general areas where a company can change its approach in a manner to encourage employees to behave ethically; they are The Code, Ethics Training, and You Make the Call...


CIO: Throw Your Ego Out of the Window

June 15, 2011 Added by: Rahul Neel Mani

CIOs often don’t want to come out of their IT shell. Rather than thinking business, they get immersed in IT. Although a lot of CIOs do have those skills, they don’t move away from IT. You need a lot of guts to get to the CEO’s position; it’s a totally different ballgame...


Hey CISO, Your Budget is Killing You...

June 14, 2011 Added by: Rafal Los

You've wrestled with justifying initiatives, programs, and security-driven innovation you want to implement to keep the company safe and lower the risk profile, but what you may not know is that the budget you've been working so hard to grow may actually be secretly killing you...


Game Over: Cloud Computing and the Sony Breach

June 02, 2011 Added by: Kelly Colgan

We often use words like “robust,” “comprehensive,” and “strong” to describe security programs. Nice as that may sound, security isn’t only the strength of a system, but about the mindset of the people working it. Have they asked all the questions? Have they covered all their bases?


Compliance: Twenty Questions Directors Should Ask

June 01, 2011 Added by: Thomas Fox

The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary...


Infosec: Is the Cynic-Signal Broken?

May 27, 2011 Added by: Javvad Malik

Why do they put brakes in cars? If you answered “to make you stop”, you’re kind of wrong. The correct answer is, they put brakes in cars so that you can go faster. In many ways, security is similar. However, security doesn’t just bolt onto a business - it's a mindset...


Information Security Policies and Procedures Part 6

May 25, 2011 Added by: Alex Hamerstone

Writing to the correct audience is one of the most important elements of creating effective documentation. If the documentation is too technical, they will not understand it. If the documentation is too simple for the audience, they may skim over important points...


Could the IT Staff Hold Your Company Hostage?

May 24, 2011 Added by: Headlines

Report: "A significant number of IT staff could cause chaos for their organizations with their knowledge of and access to digital certificates and encryption keys due to lack of management controls and no separation of duties..."


Management’s View of Information Security

May 23, 2011 Added by: Dejan Kosutic

One of the often misunderstood aspects of information security is that most of the problems (i.e. incidents) happen not because of technology, but because of human behavior. Most of the investments needed will be in defining new policies & procedures and in training & awareness programs...


Enterprise Information Technology: Skip the Sexy

May 16, 2011 Added by: Mike Meikle

If new technology is attached to a framework that is half-complete or stretched beyond capacity, then a public relations nightmare may be waiting. Consider the PlayStation Network breach. Basic management and security principles were ignored or half-implemented with disastrous consequences...


Information Security Policies and Procedures Part 5

May 16, 2011 Added by: Alex Hamerstone

The purpose section should include information about why the policy is necessary. You may also wish to add some information about how the issue was dealt with historically. It is also a great place to reiterate some company values. An example is “To ensure compliance with..."


Testing Your FCPA Compliance Program

May 13, 2011 Added by: Thomas Fox

If there are components which need to be enhanced, you will have the opportunity to do so. If additional or supplemental training is called for, then take the opportunity to provide it. In short, do not be afraid of the results...


Information Security Policies and Procedures Part 4

May 09, 2011 Added by: Alex Hamerstone

The formatting and structure of documentation is not the most enthralling topic. It is, however, one of the most important elements of effective documentation. Delivering information in a clear and consistent way is essential to ensure documents are easy to use and effective...


Information Security Policies and Procedures Part 3

May 04, 2011 Added by: Alex Hamerstone

Search engines place a vast body of human knowledge at your fingertips. This vast knowledge often includes the intellectual property of others. Finding policies on the internet and using control H to place your organization’s name in place of another is not only wrong, it is also ineffective...


Information Security Policies and Procedures Part 2

May 03, 2011 Added by: Alex Hamerstone

As far as information security, every organization will have a unique set of foundational policies. Although there will be many that are common to all organizations, the unique qualities of each organization call for custom policies. How then, do we determine what basic policies we need?
