Blog Posts Tagged with "Risk Management"


On Failing Gracefully...

July 18, 2012 Added by:Neira Jones

You know the feeling: You think you have it all under control, you think you've engaged with the right people, you have buy in from those who matter, the right culture is in place, you're not struggling for investment and bang! You get hacked. Overwhelming sense of failure ensues. Where did it all go wrong?

Comments  (0)


Security: It’s All About (Human) Networking...

July 15, 2012 Added by:Tripwire Inc

Want to add layers, or change your defense in depth approach? Your Information Systems team is just the beginning. What business unit will you impact? How will they be impacted, and when is the optimum time to do this? Depending on scope, this could even ripple through your business continuity program...

Comments  (0)


BYOD: The Reality of Allowing Foreign Bodies into Your Network

July 12, 2012 Added by:Rafal Los

We're getting compromised left and right by devices we are delusional enough to think we can trust because we feel like we've got sufficient control... Where does it end? Here, right at the point where we become cognizant of the fact that no asset, corporate or otherwise, should ever really be trusted...

Comments  (0)


Vulnerability Scans too Disruptive to Conduct Regularly

July 12, 2012 Added by:Headlines

“Evidently, active vulnerability scanning can cause huge management headaches due to its disruptive nature and information overload, so scanners tend to be used primarily for ‘spot checks’ that aren’t effective at minimizing risks. Critical vulnerabilities have to be identified, prioritized, and remediated daily..."

Comments  (4)


The Resilient Enterprise: Resolving Issues Faster

July 03, 2012 Added by:Rafal Los

How can we both restore service quickly and solve a long-term systemic problems when we can't always tell that two issues are even related? Optimize the analysis between changes, connected systems and components to figure out dependencies in cases such as linked and distributed failures...

Comments  (0)


Talking to Your Management Rationally About Malware

June 28, 2012 Added by:Brent Huston

Malware with comparisons to Stuxnet are all the rage these days. Much of what is in the media is either hysteria, hype, confusion or outright wrong. As an infosec practitioner, your job is to explain to folks in a rational way about the trends and topics in the news carefully, truthfully, and rationally...

Comments  (0)


Five Reasons Why You Need an Application Security Program

June 28, 2012 Added by:Fergal Glynn

Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...

Comments  (0)


The Perils Of Automation In Vulnerability Assessment

June 25, 2012 Added by:Ian Tibble

“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...

Comments  (5)


Breaking the Enigma Code: Creating a Functioning Compliance Culture

June 25, 2012 Added by:Thomas Fox

New York Times reporter Adam Bryant recently profiled Angie Hicks, one of the co-founders of Angie’s List, who has some interesting observations on leadership that I found applicable to creating a functional compliance effort within an organization, from compliance professionals to ethical leadership...

Comments  (0)


Napoleon’s Invasion of Russia and Risk Management

June 20, 2012 Added by:Thomas Fox

As compliance programs become more mature, you can use the information generated in a risk assessment in a variety of ways to facilitate an overall risk management program. To create an effective risk management system, understand the qualitative distinctions among types of risk an organization faces...

Comments  (0)


Webcast: Risk-Based Security Management

June 20, 2012 Added by:Tripwire Inc

RBSM is defined as applying rigorous and systematic analytical techniques to evaluate the risks that impact an organization’s information assets and IT infrastructure. Tripwire and Ponemon Institute researched the state of risk management and came up with some interesting findings. Join us for this webcast...

Comments  (0)


Misunderstanding Trust

June 20, 2012 Added by:Kevin W. Wall

I thought that most of the properties of trust were obvious, but was surprised to see someone in security quote a Microsoft software developer that “trust is not transitive”. Apparently there are still software and security engineers who misunderstand trust. I will attempt to clear up this misunderstanding...

Comments  (2)


Is BYOD a Nightmare for IT Security or a Dream Come True?

June 19, 2012 Added by:Megan Berry

While you still may be debating whether or not to allow employees to use their own smartphones or tables for work, many organizations realize that they may not have a choice. Though it may seem that the risks of unsecured devices are a security nightmare, with the right tools, companies can work BYOD to their advantage...

Comments  (24)


Bill Gates, the Perfect Game and Your Compliance Program

June 17, 2012 Added by:Thomas Fox

Collins has been looking at corporations for over 25 years to unlock the mystery of what makes a great company tick and discusses twelve questions that leaders must grapple with if they truly want to excel. This list is a good summary of questions that you can and should be posing to your compliance team...

Comments  (0)


Tripwire Examines the State of Risk-Based Security Management

June 14, 2012 Added by:Headlines

"Though organizations profess a commitment to RBSM... this security practice is still in its infancy. To establish an effective... program, certain barriers need to be addressed. These include securing adequate resources, having employees with the necessary expertise and designating strong leaders..."

Comments  (0)


The Path to NoOps is Through the Cloud

June 12, 2012 Added by:Rafal Los

So what is the single most valuable piece of technology that can push a development closer towards a NoOps methodology? I believe it's the adoption of cloud computing. While many of the security folks who read this blog are probably shaking their heads right about now, read on and let me convince you...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »
Most Liked