Blog Posts Tagged with "Risk Assessments"


Passing the New Guidelines on PCI Risk Assessments

March 07, 2013 Added by: Stephen Marchewitz

While PCI DSS compliance has been a requirement for several years now, it’s been fairly subjective as to what a compliant program looks like and how an organization actually goes about it. While that can still look to be the case, here are a few things to consider.



Why Data Security and Enterprise Risk Management are Important

August 28, 2012 Added by: Christopher Rodgers

Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, that they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...



Security Mistakes You Will Make on Your Next Cloud Project

July 18, 2012 Added by: Danny Lieberman

The Cloud Security Control model looks great, but it doesn’t mitigate core vulnerabilities in your software. Once you choose the right service model and vendor, put aside the security reference models and focus on hardening your application software. It’s your code that will be running in someone else's cloud...



IT Risk Management: Roadmap for a Roadmap

July 03, 2012 Added by: Jared Pfost

Most IT organizations aren't equipped or supported to build a mature program. If our objective is to deliver an evidence driven investment road map aligned with the business, it's OK to plan a phased approach and demonstrate value while the culture, process, and necessary resources gain momentum...



Napoleon’s Invasion of Russia and Risk Management

June 20, 2012 Added by: Thomas Fox

As compliance programs become more mature, you can use the information generated in a risk assessment in a variety of ways to facilitate an overall risk management program. To create an effective risk management system, understand the qualitative distinctions among types of risk an organization faces...



Making an Intelligent, Defensible Trust Valuation

April 23, 2012 Added by: Rafal Los

Is trust a binary decision? Can you trust something to varying levels? These are important questions for any security professional to have good answers to. Applying this logic to computing - can we ever really trust any computer environment, system, or application?



Incident Response and Risk Management Go Hand in Hand

February 12, 2012 Added by: Neira Jones

Residual risk is inevitable, so incident response becomes a crucial part of managing it. As the risk assessment identifies the assets critical to a business - threats, vulnerabilities and controls - so should the incident response plan concentrate on critical assets...



Enterprise Disaster Recovery Planning

February 02, 2012 Added by: Danny Lieberman

DR planning is not about writing a procedure, getting people to sign up and then filing it away somewhere. The disaster recovery plan is designed to assist companies in responding quickly and effectively to a disaster in a local office and restore business as quickly as possible...



Why Infosec Forced Me to Get an MBA

January 31, 2012 Added by: Don Turnblade

How much did restoring, repairing, reimaging, improved firewall rules, down time, legal fines, or direct fraud cost per event? Asking what it is may be too close to that great low pressure system, and you do not need to be struck by lightning. I won't ask and you won't tell...



A Failed Attempt at Optimizing an Infosec Risk Assessment

January 28, 2012 Added by: Bozidar Spirovski

Having a standardized method for risk assessment in infosec based on hard numbers would be great. But since the factors included in any incident are complex and varying, and consistent incident reporting is impossible, we will be sticking to the current qualitative methods...



On Enterprise-Wide Risk Management

January 23, 2012 Added by: Michele Westergaard

Certain tasks can be defined via policy as needed but are really the small part of the role. An overarching role is to understand the key issues facing the organization, creatively challenge business processes by asking what can go wrong, then working to plug the potential holes...



On Vulnerability Assessments and Penetration Tests

January 10, 2012 Added by: Drayton Graham

Simply put, a Vulnerability Assessment is a piece of code that will identify and report on known vulnerabilities, but a scanner will likely run into false positives. A Penetration Test goes a step further in that a human exploits vulnerabilities, but false positives do not exist...



Risk Management – More Than Just Risk Assessment

December 22, 2011 Added by: Thomas Fox

Risk management must be linked to the organization’s purpose and goals. Your company must be disciplined. It cannot simply develop a risk assessment and then not use it to look at risk generally. As important as systems are, they must be practical, and linked to what your company does...



Case Study: A Cloud Security Assessment

December 13, 2011 Added by: Danny Lieberman

A client asked us to find a way to reduce risk exposure at the lowest cost. Using the Business Threat Modeling methodology and Practical Threat Analysis software, we were able to mitigate 80% of the total risk exposure in dollars at half the security budget proposed by the vendor...



Data Loss Prevention - Step 1: Know What's Important

December 12, 2011 Added by: Rafal Los

It's important to understand what your company does and then figure out what the critical bits are. Sometimes it's your customer lists, or a secret ultra-high efficiency engine design, or the next big thing in stealth bombers. The point is that you simply need to know your business...



PCI DSS Risk SIG Announced: Results Will Be Interesting

December 12, 2011 Added by: Andrew Weidenhamer

The one that I am most interested in seeing the results of is the Risk Assessment SIG. Although IT Risk Assessment has been a term that has been used for decades now, they are still rarely performed, and almost always poorly when they are, in regard to effectively considering threats...

