Blog Posts Tagged with "Risk Management"

Melville's "Bartleby the Scrivener" and Infosec

May 26, 2012 Added by: Rafal Los

Bottom line is, you won't be able to force change no matter how much you yell, scream, or try to scare the leadership. Better security is a cultural change, it's a change that must be adopted for a purpose or organizational goal. Otherwise, you're throwing rocks against a brick wall...

How the DOJ Looks at Compliance Programs Part I

May 22, 2012 Added by: Thomas Fox

Although often discussed in Deferred Prosecution Agreements (DPAs) or Non-Prosecution Agreements (NPAs), most compliance practitioners are not familiar with one of the most important sources of Department of Justice (DOJ) policy regarding the prosecution of corporations...

Why Does Software Security Keep Falling off your Budget?

May 22, 2012 Added by: Rafal Los

Approximately 3 out of 4 attacks against your enterprise or organization come at your applications. Whether it's at your website, at the mobile app you've deployed, or your enterprise API - you're being attacked where the lowest defenses are - the application...

Who Are You Preaching to Anyway?

May 15, 2012 Added by: Neira Jones

Hard core security conferences continue to happen and continue to be successful, and long may it continue. We still need the techies to make sure we have the right tech to support the people and processes in our businesses. We also need the techies to try and keep ahead of the bad guys...

Where Will the Buck Stop in Cloud Security?

May 15, 2012 Added by: Jayson Wylie

I don’t want to see the main outcome of security and data breaches become lengthy litigation. If cloud security boils down to he who has the best law team, the direction of security will have an approach of least exposure to litigation versus Cyber threats. This does not settle with me as a valid security driver for improving security posture...

Software Security: A Chief Financial Officer’s Perspective

May 15, 2012 Added by: Fergal Glynn

Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. The FTC is knocking on your door asking for a forensic security audit. Your largest investors are calling about the scope of the breach...

ICS-CERT: Risk Management for the Electricity Sector

May 14, 2012 Added by: Infosec Island Admin

The DOE collaborated with the NIST and NERC to release a second draft of the Electricity Sector Cybersecurity Risk Management Process guideline, designed with the idea that cybersecurity risk management should be driven by the business needs of the company...

Keeping Security Relevant: From Control to Governance in the Cloud

May 11, 2012 Added by: Rafal Los

When someone mentions public cloud, you quickly see the polarizing effects the topic has, generating a very negative reaction to the idea of putting anything corporate in the public cloud. What does that mean for the future of corporate information security and risk management?

Turn Compliance Beliefs Into Action: Impact Tone at the Bottom

May 11, 2012 Added by: Thomas Fox

This method is a good way for a compliance practitioner to get at ‘tone at the bottom’. By engaging employees at the level suggested you can find out not only what the employees think about the compliance program but use their collective experience to help design a more effective program...

The Great Compliance Conundrum

May 10, 2012 Added by: Mark Gardner

The crux of the matter is why people bemoan compliance: To comply in this case requires no external verification, and in order to meet compliance you may avoid some as they're too hard to do or do not go deep enough, but still have the ability to turn and say that "we are compliant"...

SOC 2: The Customer Security Questionnaire Killer

May 07, 2012 Added by: Jon Long

User organizations figured out a long time ago that if they want confirmation of how secure their suppliers are, they have to find out for themselves because a sufficient third party attestation did not exist. This is also where the challenge to service auditors is...

Breached! Now What? Seven Steps to Avoid Failure Panic

May 07, 2012 Added by: Rafal Los

To many organizations, a security breach means a catastrophic failure in security signifying a breakdown in the mechanisms installed to keep the organization secure, and by its very nature represents failure. The problem with this situation is it really represents two failures...

The CERT Guide to Insider Threats

May 07, 2012 Added by: Ben Rothke

While there are many books on important security topics such as firewalls, encryption, identity management and more, The CERT Guide to Insider Threats is one of the first to formally tackle the devastating problem of trusted insiders who misappropriate data...

A Tribute to Our Oldest and Dearest Friend - The Firewall Part 2

May 06, 2012 Added by: Ian Tibble

Nine times out of ten, when you ask to see firewall rules, faces will change in the room from "this is a nice time wasting meeting, but maybe I'll learn something about security" to mild-to-severe discomfort. Discomfort - because there is no hiding place any more...

Understanding Trust

May 06, 2012 Added by: Kevin W. Wall

In computer security, we should strive to make all trust relationships explicit and leave nothing to chance or misinterpretation. That's one key step in defining a trust model. At its core, information security is largely about the two goals of “ensuring trust” and “managing risk”...

Why Do You Need Privileged Identity Management?

April 30, 2012 Added by: Dhananjay Rokde

Most access provided is typically role-based. However, many forget to consider factors like data classification and ownership. Network, system and database managers get access to what they are responsible for, but there are five questions that need to be asked...
