Blog Posts Tagged with "Governance"

RSA Conference 2012 Wrap-Up

March 04, 2012 Added by: Robb Reck

RSA 2012 is in the books. The crypto-geniuses have gone home and are again working on solving our most challenging technical problems. The rest of us have returned home with some new insights and an improved plan for implementing security in our own little corners of the world...

ISO 27001 and HITRUST for Healthcare Organizations

January 23, 2012 Added by: John Verry

HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...

Don’t Shoot the Messenger, Fire the Chief Compliance Officer

January 19, 2012 Added by: Thomas Fox

In the post Sarbanes-Oxley world, the CCO is a linchpin in organizational efforts to comply with applicable law. When a company fires or asks them to resign, it is of significance for all involved in corporate governance and should not be done by the CEO alone...

On the Israeli Credit Card Breach

January 08, 2012 Added by: Danny Lieberman

The biggest vulnerability of PCI DSS is that it’s about 10 years behind the curve. When people in the PCI DSS Security Council in Europe confess to never having heard of DLP and when the standard places an obsessive emphasis on anti-virus, you know you're still in Kansas...

The Tao of GRC

December 23, 2011 Added by: Danny Lieberman

Effective GRC management requires neither better mathematical models nor complex software. It does require us to explore new threat models and go outside the organization to look for risks we’ve never thought about and discover new links and interdependencies that may threaten our business...

SOX Compliance and Evolution to GRC Conference

October 20, 2011 Added by: Infosec Island Admin

The SOX Compliance series is targeted at a focused group of senior level executives to maintain an intimate atmosphere for the delegates and speakers. Since it is not a vendor driven conference, the higher level focus allows the delegates to network with their industry peers and speakers...

Get Your SOX Compliance On

October 12, 2011 Added by: Infosec Island Admin

SOX Compliance & Evolution to GRC Conference is a unique opportunity to review the required blend of compliance and risk-based strategies and methodologies necessary to meet federal mandates while delivering greater efficiency across their GRC footprint...

New Certification on the Block - EC Council's C|CISO

September 23, 2011 Added by: Ron Baklarz

I am anxious to follow the evolution of the EC Council's new C|CISO certification, as it looks as though it will fill some gaps missing from other "gold-standard" certifications, and that are necessary for one aspiring to be or currently practicing security at the C-level...

SOX Compliance and Evolution to GRC - Chicago

September 23, 2011 Added by: Infosec Island Admin

The SOX Compliance series is targeted at a focused group of senior level executives to maintain an intimate atmosphere for the delegates and speakers. Since it is not a vendor driven conference, the higher level focus allows the delegates to network with their industry peers and speakers...

Taming the Cloud - Provisioning and Security

September 08, 2011 Added by: Rafal Los

Whether deploying IaaS, PaaS, or SaaS, provisioning is the key to having a safe, secure, and stable environment. With the fragility and complexity of today's cloud deployments, you can't afford a single error which could unwind everything. I seem to recall this happening to a Cloud vendor recently...

Guide: How to Pass an IT Audit

September 01, 2011 Added by: Sasha Nunke

The purpose of this document is to pass along tips we learned that may be useful as you consider adopting QualysGuard PC. This guide covers the steps and procedures to passing an IT GRC audit — as told by an enterprise end-user who deployed QualysGuard Policy Compliance...

Federal OMB Directs Agencies to Expand CIO Powers

August 29, 2011 Added by: Bill Gerneglia

This expansion of the role of the CIO at the federal level is seen as essential by outgoing Federal CIO Kundra in order to drive desired cost savings and ROI through specific programs like the data center consolidation program as well as the migration of applications to the cloud...

Avoiding 7 Common Mistakes of IT Security Compliance

August 16, 2011 Added by: Sasha Nunke

Ambiguity abounds due to lack of a universal philosophy of compliance. A big challenge for security professionals is navigating this ambiguity, especially when financial auditing terms such as GRC are loosely applied to IT security solutions. Let the buyer beware...

Practical Security Management for Startups

July 22, 2011 Added by: Danny Lieberman

Startup management needs to know how much their information security measures will cost and how it helps them run the business. Business Threat Modeling (TM) is a practical way for a manager to assess the operational risk for the startup in dollars and cents...

Using ERM Maps to Enhance Your Compliance Program

June 22, 2011 Added by: Thomas Fox

ERM Maps are designed to assist the compliance practitioner in designing or reviewing a company’s GRC by providing a visual representation of the best practices in compliance business processes. It allows a company to develop a gap analysis or classify gaps in its GRC program...

Application Software in the Cloud – Power to the People

June 08, 2011 Added by: Danny Lieberman

We all use the term “IT Governance” as if security of data was dependent on policy. Since we have lots of IT governance and lots of data breaches, we may safely assume that writing procedures while the hackers attack software and steal data is not an effective security countermeasure...
