Blog Posts Tagged with "Risk Assessments"


PwC’s Economic Crime Survey Focuses on Cybercrime

November 30, 2011 Added by: Headlines

"Many executives have yet to seize upon the serious nature of the cybercrime threat. Cybercrime has emerged as a formidable threat, thanks to deeply determined, highly skilled, and well-organized cybercriminals, from nation states to hacktivists, from criminal gangs to lone-wolf perpetrators..."



Five Key Aspects of a Good Infosec Risk Assessment

November 25, 2011 Added by: Albert Benedict

Because they are consistent and repeatable, current risk assessment results can be compared to previous years’ results to see if there was any growth. You can also compare the client’s status to other companies of similar size and stature to show them where they stand...



Security Scribbling: ISO 27001 vs. PCI Misunderstanding

November 17, 2011 Added by: Andrew Weidenhamer

The problem with using a risk based approach is the manner in which risk is defined and accepted. As long as there is a good Risk Assessment methodology in place and further good reasons and justifications to deal with risk, then using a risk based approach is perfectly acceptable...



What To Do About Insider Threats

November 14, 2011 Added by: PCI Guru

Insiders must have access to information that the general public or even your business partners do not. As a result, should an employee get sloppy with controls or go “rogue,” you can expect to lose whatever information that person had access to. Remember my mantra – security is not perfect...



Latest Data Breach Costs Could Exceed $5 Billion

October 31, 2011 Added by: Brian Dean

It is recommended that organizations receiving PII become intimately familiar with all of the applicable security requirements for their industry in order to understand minimum protection requirements, industry best practices, as well as the consequences of noncompliance...



How do You Evaluate a Risk Assessment?

September 29, 2011 Added by: Thomas Fox

The key to the Timken approach is the action steps prescribed by their analysis. This is another way of saying that the risk assessment informs the compliance program, not vice versa. This is the method set forth by the US Department of Justice in its Compliance Program best practices...



Information Security as the Doctor of the Enterprise

September 05, 2011 Added by: Robb Reck

Aren’t we in information security playing exactly the same role in our organizations that our doctors play in our healthcare? We evaluate, diagnose, and treat our patients, just like our doctors do for us. But our evaluations are called risk assessments instead of checkups...



Nine Reasons Why You're Not Ready for DLP

August 31, 2011 Added by: Stephen Marchewitz

No matter what you are told, simply writing a check to a software vendor and installing some code will not prevent all data loss. Depending on the intricacies of the organization, the money that DLP solutions require may likely be better spent on other security initiatives...



How to Deal With Insider Threats

July 06, 2011 Added by: Dejan Kosutic

Insider threats will remain the biggest risk to the security of information - the complexity of systems and amount of data will only increase this threat in time. And the best way to deal with them is to prevent them - once they happen, you can only hope they won't go too far...



HIPAA: Rx For End-User Device Risks

July 06, 2011 Added by: Konrad Fellmann

Basically, if electronic PHI data is encrypted, purged, or physically destroyed before it is inadvertently disclosed, then it doesn’t count as a breach. If the information is protected in a way that it can’t be obtained by an unauthorized individual then you’re safe...



Why Your Vendor Doesn’t Want You to do Risk Analysis

June 23, 2011 Added by: Danny Lieberman

Small business IT integrators are behind the curve on security, compliance, disaster recovery and application security. The typical SMB integrator mindset is dominated by the Microsoft monoculture, and I would not expect them to be able to analyze data security threats...



Algorithmic SIEM “Correlation” Is Back?

June 18, 2011 Added by: Anton Chuvakin

One of the ways out of ill-fitting default rules is the use of event scoring algorithms and other ruleless methods. While not without known limitations, they can be extremely useful in environments where correlation rule tuning is not likely to happen, no matter how many times we say it should...



Essentials for an FCPA Compliance Program

June 10, 2011 Added by: Thomas Fox

Ongoing monitoring, auditing and assessments need to go down to the individual employee level. There should be both a ‘carrot and stick’ approach so that employees are disciplined for compliance failures, but also rewarded for doing business through appropriate compliance avenues...



Cloud Computing and ISO 27001 / BS 25999

June 06, 2011 Added by: Dejan Kosutic

Although the risks related to cloud computing are high, it doesn't mean they cannot be mitigated. Therefore, use your common sense when choosing your cloud computing provider - if you don't trust your provider fully, then don't entrust them with your sensitive information...



The Importance of Data Collection in Risk Assessments

June 02, 2011 Added by: Danny Lieberman

Many times we feel secure but are not, or don’t feel secure when we really are. A company may feel secure behind a well-maintained firewall but if employees are bringing smart phones and flash drives to work, this is an attack vector which may result in a high level of risk...



The Importance of a Statement of Applicability for ISO 27001

April 27, 2011 Added by: Dejan Kosutic

You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...
