Blog Posts Tagged with "Risk Assessments"

PwC’s Economic Crime Survey Focuses on Cybercrime

November 30, 2011 Added by:Headlines

"Many executives have yet to seize upon the serious nature of the cybercrime threat. Cybercrime has emerged as a formidable threat, thanks to deeply determined, highly skilled, and well-organized cybercriminals, from nation states to hacktivists, from criminal gangs to lone-wolf perpetrators..."

Comments  (0)

Five Key Aspects of a Good Infosec Risk Assessment

November 25, 2011 Added by:Albert Benedict

Because they are consistent and repeatable, current risk assessment results can be compared to previous years’ results to see if there was any growth. You can also compare the client’s status to other companies of similar size and stature to show them where they stand...

Comments  (0)

Security Scribbling: ISO 27001 vs. PCI Misunderstanding

November 17, 2011 Added by:Andrew Weidenhamer

The problem with using a risk based approach is the manner in which risk is defined and accepted. As long as there is a good Risk Assessment methodology in place and further good reasons and justifications to deal with risk, then using a risk based approach is perfectly acceptable...

Comments  (0)

What To Do About Insider Threats

November 14, 2011 Added by:PCI Guru

Insiders must have access to information that the general public or even your business partners do not. As a result, should an employee get sloppy with controls or go “rogue,” you can expect to lose whatever information that person had access to. Remember my mantra – security is not perfect...

Comments  (0)

Latest Data Breach Costs Could Exceed $5 Billion

October 31, 2011 Added by:Brian Dean

It is recommended that organizations receiving PII become intimately familiar with all of the applicable security requirements for their industry in order to understand minimum protection requirements, industry best practices, as well as the consequences of noncompliance...

Comments  (0)

How do You Evaluate a Risk Assessment?

September 29, 2011 Added by:Thomas Fox

The key to the Timken approach is the action steps prescribed by their analysis. This is another way of saying that the risk assessment informs the compliance program, not vice versa. This is the method set forth by the US Department of Justice in its Compliance Program best practices...

Comments  (0)

Information Security as the Doctor of the Enterprise

September 05, 2011 Added by:Robb Reck

Aren’t we in information security playing exactly the same role in our organizations that our doctors play in our healthcare? We evaluate, diagnose, and treat our patients, just like our doctors do for us. But our evaluations are called risk assessments instead of checkups...

Comments  (1)

Nine Reasons Why You're Not Ready for DLP

August 31, 2011 Added by:Stephen Marchewitz

No matter what you are told, simply writing a check to a software vendor and installing some code will not prevent all data loss. Depending on the intricacies of the organization, the money that DLP solutions require may likely be better spent on other security initiatives...

Comments  (0)

How to Deal With Insider Threats

July 06, 2011 Added by:Dejan Kosutic

Insider threats will remain the biggest risk to the security of information - the complexity of systems and amount of data will only increase this threat in time. And the best way to deal with them is to prevent them - once they happen, you can only hope they won't go too far...

Comments  (3)

HIPAA: Rx For End-User Device Risks

July 06, 2011 Added by:Konrad Fellmann

Basically, if electronic PHI data is encrypted, purged, or physically destroyed before it is inadvertently disclosed, then it doesn’t count as a breach. If the information is protected in a way that it can’t be obtained by an unauthorized individual then you’re safe...

Comments  (0)

Why Your Vendor Doesn’t Want You to do Risk Analysis

June 23, 2011 Added by:Danny Lieberman

Small business IT integrators are behind the curve on security, compliance, disaster recovery and application security. The typical SMB integrator mindset is dominated by the Microsoft monoculture, and I would not expect them to be able to analyze data security threats...

Comments  (3)

Algorithmic SIEM “Correlation” Is Back?

June 18, 2011 Added by:Anton Chuvakin

One of the ways out of ill-fitting default rules is the use of event scoring algorithms and other ruleless methods. While not without known limitations, they can be extremely useful in environments where correlation rule tuning is not likely to happen, no matter how many times we say it should...

Comments  (0)

Essentials for an FCPA Compliance Program

June 10, 2011 Added by:Thomas Fox

Ongoing monitoring, auditing and assessments need to go down to the individual employee level. There should be both a ‘carrot and stick’ approach so that employees are disciplined for compliance failures, but also rewarded for doing business through appropriate compliance avenues...

Comments  (1)

Cloud Computing and ISO 27001 / BS 25999

June 06, 2011 Added by:Dejan Kosutic

Although the risks related to cloud computing are high, it doesn't mean they cannot be mitigated. Therefore, use your common sense when choosing your cloud computing provider - if you don't trust your provider fully, then don't entrust them with your sensitive information...

Comments  (0)

The Importance of Data Collection in Risk Assessments

June 02, 2011 Added by:Danny Lieberman

Many times we feel secure but are not, or don’t feel secure when we really are. A company may feel secure behind a well-maintained firewall but if employees are bringing smart phones and flash drives to work, this is an attack vector which may result in a high level of risk...

Comments  (0)

The Importance of a Statement of Applicability for ISO 27001

April 27, 2011 Added by:Dejan Kosutic

You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...

Comments  (0)