Items Tagged with "Management"
Why Infosec Forced Me to Get an MBA
January 31, 2012 Added by:Don Turnblade
How much did restoring, repairing, reimaging, improved firewall rules, down time, legal fines, or direct fraud cost per event? Asking what it is may be too close to that great low pressure system, and you do not need to be struck by lightning. I won't ask and you won't tell...
Comments (0)
Spending Your 2012 IT Security Budget - Beware of Cheap
January 28, 2012 Added by:Rafal Los
If you can't be good, be cheap - the battle cry of the second-rate vendor. After spending 4 years as part of a world-class sales organization, I can tell you with no uncertainty that I've seen some of my competitors do some absolutely insane things to compete...
Comments (3)
On Enterprise-Wide Risk Management
January 23, 2012 Added by:Michele Westergaard
Certain tasks can be defined via policy as needed but are really the small part of the role. An overarching role is to understand the key issues facing the organization, creatively challenge business processes by asking what can go wrong, then work to plug the potential holes...
Comments (0)
Don’t Shoot the Messenger, Fire the Chief Compliance Officer
January 19, 2012 Added by:Thomas Fox
In the post Sarbanes-Oxley world, the CCO is a linchpin in organizational efforts to comply with applicable law. When a company fires or asks them to resign, it is of significance for all involved in corporate governance and should not be done at the CEO alone...
Comments (0)
Security and the Theory of Constraints
January 16, 2012 Added by:Danny Lieberman
Security management is tricky. It’s not only about technical controls and good software development practice. It’s also about management responsibility. If you remember the Theory of Constraints, there is only one thing that limits a system's (or company's) performance...
Comments (0)
Boards of Directors and Compliance: Four Areas of Inquiry
January 02, 2012 Added by:Thomas Fox
Any best practices compliance program has several moving parts: a CCO to lead the compliance program, a Compliance Department to execute the strategy and an engaged Board of Directors who oversee and participate. We applaud Hutchens' approach and commend it for use by a company’s BoD...
Comments (0)
Risk Management – More Than Just Risk Assessment
December 22, 2011 Added by:Thomas Fox
Risk management must be linked to the organization’s purpose and goals. Your company must be disciplined. It cannot simply develop a risk assessment and then not use it to look at risk generally. As important as systems are, they must be practical, and linked to what your company does...
Comments (0)
Security: Three Tips When Speaking to the Board of Directors
December 16, 2011 Added by:Jason Clark
Many CISOs are getting questions specifically about whether they are protected from targeted attacks, malware, and data breaches. And many of these questions are coming from people who don’t really know what terms like “targeted attack” or “malware” actually mean - the Board of Directors...
Comments (4)
Compliance: Is Water Wet or is Jack Webb Still the Man?
December 13, 2011 Added by:Thomas Fox
One of the constant refrains for any compliance officer is responding to employees’ inquiries. Questions come in all shapes and sizes and from all over the world. The compliance professional must try to ascertain the facts to give an intelligent, coherent and, hopefully, correct response...
Comments (0)
The Visible Hand: A New Compliance Model
December 09, 2011 Added by:Thomas Fox
A company should look for small ways to expand employee autonomy in the compliance area. This does not mean a complete abdication of the role of the Compliance Department, but it does mean a notch-by-notch transfer of authority to persons in the field...
Comments (0)
Data Loss Prevention - Without the New Blinky Boxes
December 08, 2011 Added by:Rafal Los
The glut of blinking lights and devices that require time and effort to manage has gotten out of control... or so I'm being told. I've not managed a security team in 4 years now, but even back then the glut of boxes, products and solutions was becoming too much to bear. I can only imagine it now...
Comments (1)
Infosec: Homer Simpson or George Washington?
November 28, 2011 Added by:Ali-Reza Anghaie
Consider three fields when pondering infosec strategies: Defense, Economics, and Healthcare. All three have grasped nonlinear preventative and swarm tactics in a way we would be wise to consider. And like infosec, all three also have snake oil salesmen and demons to satiate...
Comments (1)
Ineffective CISOs Foster Shady Vendor Practices
November 23, 2011 Added by:Boris Sverdlik
The question remains how much faith is too much to put in the hands of your vendors? Without a thorough analysis of the inner workings of your organization, it is impossible for any external entity to make recommendations on where your reactionary dollars are best spent...
Comments (0)
Decrypting QSA Qualifications in a Diluted Market Place
November 21, 2011 Added by:Andrew Weidenhamer
One of the biggest challenges is how to determine which 3rd party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...
Comments (0)
Three Words to Describe Enterprise Security
November 16, 2011 Added by:Rafal Los
We're cynical. Many security professionals and information security management alike are getting fed up with vendors who don't take the time to understand the issues they're facing - and simply try to sell, sell, sell...
Comments (0)
#EntSec pt. II -- Accepting Exceptional Mediocrity
November 04, 2011 Added by:Ali-Reza Anghaie
Respect of a brand can carry through decades. It's my belief that if you influence through Enterprise Security, you will attract a better breed of customer and customer loyalty. This is a worthy selling point and worth marketing. And you still don't have to shave or put on shoes to do it...