Blog Posts Tagged with "Risk Assessments"


Effective FCPA Risk Assessments

April 01, 2011 Added by: Thomas Fox

Insufficient strategies include: an FCPA compliance policy that is disseminated broadly but has shallow preventative measures; monitoring efforts which review samples from artificially inflated universes; expanding the FCPA audience, yet diluting the compliance solution...



Five Security Secrets Network Administrators Keep Quiet

March 22, 2011 Added by: Headlines

Network administrators may be conducting their own personal risk assessments in the course of their daily duties. They may be weighing factors such as performance pay incentives, the thoroughness of security audits, and time constraints when deciding what is or is not a priority...



Seven Steps for Implementing Policies and Procedures

March 17, 2011 Added by: Dejan Kosutic

Have you ever been given the task to write a security policy or a procedure, but you don't want your document to end up gathering dust in some forgotten drawer? Here are some thoughts that might help you...



Software Security Assurance Psychology - The Legacy Code

March 04, 2011 Added by: Rafal Los

An application has been relied upon successfully for months or years (decades?), and now that the organization finally gave you access to it because they touched/modified one small component you've found a systemic bug which requires a large-scale effort to remediate. Herein lies the rub...



ISO 27001 Risk Assessment Methodology and Process

March 03, 2011 Added by: Dejan Kosutic

Risk assessment is the first major step in implementation of ISO 27001, right after the ISMS Scope document and ISMS Policy; after the risk assessment is completed, risk treatment defines which controls are to be implemented and then the implementation of information security can start...



FCPA Risk Assessments and Current Best Practices

February 26, 2011 Added by: Thomas Fox

The key point is that a Risk Assessment is absolutely mandatory and must be used as a basis for the design of an effective compliance policy. If a Risk Assessment is not used, it might be well nigh impossible to argue that your compliance program meets even the basic standards...



Insider Threats: The Stationery Cupboard Test

February 26, 2011 Added by: Javvad Malik

A cashier would just love to dip into the till and grab a wad of used tenners every day. But they know that there are numerous controls in place. However, your typical stationery cupboard generally lacks such sophisticated controls. Which is why you never ever see anyone take just one pen...



Giving ISO 27001 Business Context

January 25, 2011 Added by: Danny Lieberman

ISO 27001 is arguably the most comprehensive information security framework available today. Moreover, it is a vendor neutral standard. This article discusses the benefits of performing an ISO 27001 based risk assessment exercise using techniques of threat modeling...



Assessing Risk II: Attack Modeling to Collect Data

December 21, 2010 Added by: Danny Lieberman

Attack modeling is based on the notion that any system has assets of value worth protecting. These assets have certain vulnerabilities. It is a given that internal and external attacks exist, that may exploit these vulnerabilities in order to cause damage to the assets...



How to Assess Risk Part I: Asking the Right Questions

December 14, 2010 Added by: Danny Lieberman

It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process don’t really understand the notion of risk, and don’t really care...



Business Continuity Implementation Webinar

November 01, 2010 Added by: Dejan Kosutic

This free one-hour training is designed for organizations that plan to implement BS 25999-2. This session will explain all the steps in business continuity implementation according to BS 25999-2 standard, and provide tips on how to proceed with this complex task...



Seminar to Feature ISECOM's OSSTMM v3

October 13, 2010 Added by: Anthony M. Freed

The OSSTMM is a peer-reviewed methodology for performing security tests and metrics divided into five channels: information and data controls, fraud and social engineering, computer and telecommunications networks, wireless devices, physical security access controls, and security processes...



Implementing OSSTMM Strategies Creates Value

September 28, 2010 Added by: Infosec Island Admin

OSSTMM has been enhanced over time dramatically. Current and upcoming releases are strongly related to practical issues. I can definitely confirm that many of our clients who have to change their supplier for security policy reasons expect their future suppliers to apply the OSSTMM...



Better Security Through Sacrificing Maidens

September 15, 2010 Added by: Pete Herzog

Now we all see people who say that security is about the process and we see them fighting a losing battle. The problem is we are being taught to build defenses like consumers and it isn't working...



Healthcare Risk Assessment Essentials

August 25, 2010 Added by: Jack Daniel

A risk assessment needs to go beyond regulatory expectations to ensure an organization is protecting its sensitive assets. Utilizing a best of breed or best practices framework will enable the organization to identify security gaps and control weaknesses rather than regulatory gaps...



Still Using Excel for Risk Assessments?

July 27, 2010 Added by: Danny Lieberman

Doing risk assessment data collection and analysis in Excel, a collection of brittle, unwieldy, two-dimensional worksheets, is a really bad way of doing multi-dimensional modeling...
