Blog Posts Tagged with "Risk Management"
Deconstructing 'Defensible' - Too Many Assets, not Enough Resources
April 19, 2013 Added by:Rafal Los
In just about every organization (with little exception) there are more things to defend than there are resources to defend with. Remember playing the game of Risk, when you were a kid? Maybe you still have the game now... amazing how close to that board game your life in InfoSec is now, isn't it?
Comments (0)
Momma Said “Risk is Like a Box of Chocolates…”
April 10, 2013 Added by:Tripwire Inc
In the movie Forrest Gump, the main character comments, “life is like a box of chocolates – you never know what you’re gonna get.” I think the same can be said for risk.
Comments (1)
Managing Risk and Information Security: Protect to Enable
April 01, 2013 Added by:Ben Rothke
In Managing Risk and Information Security: Protect to Enable, author Malcolm Harkins deals with the inherent tension of information security – that between limitations and enablement.
Comments (0)
CISO Challenges: The Build vs. Buy Problem (2:2)
January 24, 2013 Added by:Rafal Los
In order to not incur additional risk to the business, the organization being outsourced to must be heavily vetted and contractually obligated to maintain secrecy and integrity. It can be done, but it's tricky, and requires work in due-diligence to ensure the result isn't a train wreck during a worst-case scenario...
Comments (0)
Developing and Implementing Strategy for Managing Risks in the Supply Chain
January 11, 2013 Added by:Michele Westergaard
The past three years have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Fat-tail risks that have a low probability, but a very high impact to the organization, such as the Japanese tsunami, the Gulf of Mexico oil spill or the euro-zone liquidity crisis, have been front and center, creating a renewed interest in ent...
Comments (0)
Mobile Devices get means for Tamper-Evident Forensic Auditing
December 13, 2012 Added by:Michelle Drolet
In order to detect security breaches and guarantee compliance, tamper “proofing” has not been sufficient. When it comes time for a forensic audit, the ability to detect unauthorized changes to digital files becomes invaluable in an investigation...
Comments (0)
How I Learned to Love Incident Management
December 08, 2012 Added by:Tripwire Inc
Incident Management is particularly interesting in the light of the recent attacks on Vmware, Symantec and a host of other companies and internet properties. It all boils down to a fairly straight forward question…when an incident occurs, how does your security team respond?
Comments (0)
Risky Business
December 03, 2012 Added by:Randall Frietzsche
In the broad spectrum of activities which might be called Information Security, we must always first and foremost implement, execute and follow through with risk management. Risk management is the backbone or foundation of any good information security program...
Comments (0)
Social Media: Lightning Storm
December 03, 2012 Added by:Joel Harding
I worked for one company who wanted to get information out quickly to all their stakeholders. The problem was the company was mired in an unhealthy aversion to risk. Their mind-set was avoidance, whereas industry transitioned to risk mitigation. That company is doomed to fail...
Comments (1)
Fifteen Tips to Improve Your Infosec Risk Management Practice
November 29, 2012 Added by:Tripwire Inc
For years security vendors have been able to play off the general fears of malware and cyber attacks. As the scope of protecting data has become more complex, we’ve slowly learned that deploying more security controls alone is not a risk management solution...
Comments (0)
Four Turning Points in Cybersecurity History
November 18, 2012 Added by:Tripwire Inc
Enterprises adopted reputable standards for secure configurations, and implemented repeatable practices for creating secure infrastructure. This shift dramatically reduced the attack surface of enterprises, greatly increasing the difficulty of achieving a successful attack...
Comments (0)
"No known exploits in the wild..."
November 13, 2012 Added by:Rafal Los
It's human nature, and just the way we are wired... I know I can feel some of that on myself when I hear that phrase. I guess I would change it to be slightly more effective (or harder to dismiss) by adding "at this time" at the end of the sentence - although I doubt it would make too much of a different...
Comments (0)
Third Party Application Analysis: Best Practices and Lessons Learned
November 02, 2012 Added by:Fergal Glynn
Communication and execution are crucial to successful third party analyses. A huge contributing factor for these best practices is project management. Project management activities such as status meetings, enterprise follow-ups, and open discussions will facilitate the analysis process...
Comments (0)
Using ISO 27005: Where Does a Risk Taxonomy Fit?
October 23, 2012 Added by:Stephen Marchewitz
Whether you start from top-down management or are looking for bottom-up results, having a quantifiable approach to security risk management that aligns with a known standard such as ISO will put you in a better position than you are today...
Comments (0)
Have You Added Personas to your Incident Response Program?
October 23, 2012 Added by:Tripwire Inc
For any activity you do, it’s important not just to measure how well the organization did in a stress test situation, but to evaluate where your opportunities for improvement are. In my experience, personas are a great way to communicate a rich context very quickly once they are introduced...
Comments (0)
Apple Shareholders Demand Security Risk Reports From the Board
October 19, 2012 Added by:Tripwire Inc
Apple shareholders recently made a request of Apple’s Board of Directors to provide a report regarding how Apple and its board oversees security and privacy risks. The request cites many of the recent privacy and security issues that have plagued Apple, making headlines and even leading to litigation...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)