Blog Posts Tagged with "Management"
Enter the CISO: Torchbearer of Security and Risk Management
April 06, 2013 Added by:Anthony M. Freed
In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.
Comments (0)
What We Learned About Digital Security In 2012
February 12, 2013 Added by:Robert Siciliano
Sometimes it’s the worst things that can happen that become the eye-opening best things that effect positive change. The year 2012 saw numerous high-profile data breaches, epic hacks, full-on hacktivism and lots of major identity theft ring busts.
Comments (0)
Five Tips for CISOs Presenting to the Board
October 01, 2012 Added by:Tripwire Inc
As security is becoming more important in the overall risk posture of organizations, boards are becoming more interested hearing directly from security executives which requires a different level of communication that CISO/CSOs may not be used to presenting...
Comments (0)
The Right Way to Handle Shrinking Budgets
September 09, 2012 Added by:Robb Reck
We add new security tools by seldom get rid of the old ones. So, it’s no surprise that when our companies require us to reduce our budgets we don’t really know how to do it. In the face of these tightening budgets we need to adapt and survive. This leaves us with three options...
Comments (0)
Your Organizational Chart Tells a Security Story
August 28, 2012 Added by:Tripwire Inc
The common reason to push the security team over to the side or down the org chart is due to a belief that what they do isn’t a core value proposition for the company. By reinforcing the idea that security is low priority it creates impediments for the business and the security team to negotiate risk and work collaboratively...
Comments (1)
The Role of the CIO: What’s Really at Stake
August 08, 2012 Added by:Robert Siciliano
The CIO has become as important as the CEO. It’s a pivotal position that often can make or break the success of a corporation. As criminal hackers have launched campaigns against numerous organizations, the CIO has become much more than an information officer. They are the guardian of corporate secrets...
Comments (0)
Silly Putty and Compliance: Remember It’s Not Always About You
August 08, 2012 Added by:Thomas Fox
This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...
Comments (1)
Symantec Does Not Need Better Operations, It Needs Innovation
August 04, 2012 Added by:Richard Stiennon
The company dominates its market and any tweaks to operational efficiencies such as pairing down the product catalog, rationalizing SKUs, normalizing points given to distributors, and optimizing sales, R&D, marketing, and the executive office, will lead to greater profitability and stock performance...
Comments (1)
Black Hat and BSides Las Vegas: The Enemy Within
July 30, 2012 Added by:alan shimel
There was a time that Black Hat was where the edge met the establishment, but Black Hat has gone totally corporate and seems to have lost the edge. All of the edge seems to have gone to BSides. I love both Black Hat and BSides and think each needs a little bit of what the other has to be whole, viable and successful...
Comments (0)
Moving To The Cloud: Internal Business Considerations
July 19, 2012 Added by:Ben Kepes
Corporate IT changes dramatically with a move to the cloud – no longer do people need to spend time racking and stacking servers, patching software and other low level tasks – in the long run organizations will not have email server administrators, desktop software support personnel or systems administrators...
Comments (0)
The Compliance Professional as a Trusted Advisor
July 18, 2012 Added by:Thomas Fox
Compliance is ar form of risk you can measure, evaluate and then manage. If the risk becomes too great, that may create an unacceptable level which your company will not tolerate. One of your key roles of a compliance practitioner is to reduce the level of risk which your company cannot or will not tolerate...
Comments (0)
Security: It’s All About (Human) Networking...
July 15, 2012 Added by:Tripwire Inc
Want to add layers, or change your defense in depth approach? Your Information Systems team is just the beginning. What business unit will you impact? How will they be impacted, and when is the optimum time to do this? Depending on scope, this could even ripple through your business continuity program...
Comments (0)
Department of Homeland Security Enhances Cybersecurity Team
July 09, 2012 Added by:Headlines
"These new members of our vast cybersecurity team bring a wide array of experience and skills. Building on the successes of our strong and robust team, we are taking the DHS cybersecurity program to new levels that will ultimately enhance the security and safety of our nation..."
Comments (0)
Spring Cleaning for Your Security Toolbox
July 08, 2012 Added by:Robb Reck
Give each system and process a priority rating. The ones with the highest rating get the training, money and man-power assigned to master, maintain and run them. The ones with lower ratings get a project plan set up for decommissioning. As in most things in life, true excellence is in quality, not quantity...
Comments (0)
Talking to Your Management Rationally About Malware
June 28, 2012 Added by:Brent Huston
Malware with comparisons to Stuxnet are all the rage these days. Much of what is in the media is either hysteria, hype, confusion or outright wrong. As an infosec practitioner, your job is to explain to folks in a rational way about the trends and topics in the news carefully, truthfully, and rationally...
Comments (0)
Password Policy: Sharing Passwords
May 02, 2012 Added by:benson dana
I once worked at a place where a senior manager collected the passwords of employees. There had been resistance to giving up this policy, and the excuse was that this unit's mission was unique and that this was necessary. How often does the internal auditor hear this excuse?
Comments (0)
- Privilege Escalation Flaws Impact Wacom Update Helper
- Answering Tough Questions About Network Metadata and Zeek
- Qakbot Trojan Updates Persistence, Evasion Mechanism
- Flaws in D-Link Cloud Camera Expose Video Streams
- SOAR: Doing More with Less
- Gaining Control of Security and Privacy to Protect IoT Data
- Growing Reliance on Digital Connectivity Amplifies Existing Risks, Creates New Ones
- How Microsegmentation Helps to Keep Your Network Security Watertight
- Through the Executive Lens: Prioritizing Application Security Vulnerabilities
- Next Generation Firewalls are Old News in the Cloud