Items Tagged with "Management"


Why Infosec Forced Me to Get an MBA

January 31, 2012 Added by: Don Turnblade

How much did restoring, repairing, reimaging, improved firewall rules, down time, legal fines, or direct fraud cost per event? Asking what it is may be too close to that great low pressure system, and you do not need to be struck by lightning. I won't ask and you won't tell...



Spending Your 2012 IT Security Budget - Beware of Cheap

January 28, 2012 Added by: Rafal Los

If you can't be good, be cheap - the battle cry of the second-rate vendor. After spending 4 years as part of a world-class sales organization, I can tell you with no uncertainty that I've seen some of my competitors do some absolutely insane things to compete...



On Enterprise-Wide Risk Management

January 23, 2012 Added by: Michele Westergaard

Certain tasks can be defined via policy as needed but are really the small part of the role. An overarching role is to understand the key issues facing the organization, creatively challenge business processes by asking what can go wrong, then working to plug the potential holes...



Don’t Shoot the Messenger, Fire the Chief Compliance Officer

January 19, 2012 Added by: Thomas Fox

In the post Sarbanes-Oxley world, the CCO is a linchpin in organizational efforts to comply with applicable law. When a company fires or asks them to resign, it is of significance for all involved in corporate governance and should not be done at the CEO alone...



Security and the Theory of Constraints

January 16, 2012 Added by: Danny Lieberman

Security management is tricky. It’s not only about technical controls and good software development practice. It’s also about management responsibility. If you remember the Theory of Constraints, there is only one thing that limits a system's (or company's) performance...



Boards of Directors and Compliance: Four Areas of Inquiry

January 02, 2012 Added by: Thomas Fox

Any best practices compliance program has several moving parts: a CCO to lead the compliance program, a Compliance Department to execute the strategy and an engaged Board of Directors who oversee and participate. We applaud Hutchens' approach and commend it for use by a company’s BoD...



Risk Management – More Than Just Risk Assessment

December 22, 2011 Added by: Thomas Fox

Risk management must be linked to the organization’s purpose and goals. Your company must be disciplined. It cannot simply develop a risk assessment and then not use it to look at risk generally. As important as systems are, they must be practical, and linked to what your company does...



Security: Three Tips When Speaking to the Board of Directors

December 16, 2011 Added by: Jason Clark

Many CISOs are getting questions specifically about whether they are protected from targeted attacks, malware, and data breaches. And many of these questions are coming from people who don’t really know what terms like “targeted attack” or “malware” actually mean - the Board of Directors...



Compliance: Is Water Wet or is Jack Webb Still the Man?

December 13, 2011 Added by: Thomas Fox

One of the constant refrains for any compliance officer is responding to employees’ inquiries. Questions come in all shapes and sizes and from all over the world. The compliance professional must try to ascertain the facts to give an intelligent, coherent and, hopefully, correct response...



The Visible Hand: A New Compliance Model

December 09, 2011 Added by: Thomas Fox

A company should look for small ways to expand employee autonomy in the compliance area. This does not mean a complete abdication of the role of the Compliance Department, but it does mean a notch-by-notch transfer of authority to persons in the field...



Data Loss Prevention - Without the New Blinky Boxes

December 08, 2011 Added by: Rafal Los

The glut of blinking lights and devices that require time and effort to manage has gotten out of control... or so I'm being told. I've not managed a security team in 4 years now, but even back then the glut of boxes, products and solutions was becoming too much to bear. I can only imagine it now...



Infosec: Homer Simpson or George Washington?

November 28, 2011 Added by: Ali-Reza Anghaie

Consider three fields when pondering infosec strategies: Defense, Economics, and Healthcare. All three have grasped nonlinear preventative and swarm tactics in a way we would be wise to consider. And like infosec, all three also have snake oil salesmen and demons to satiate...



Ineffective CISOs Foster Shady Vendor Practices

November 23, 2011 Added by: Boris Sverdlik

The question remains how much faith is too much to put in the hands of your vendors? Without a thorough analysis of the inner workings of your organization, it is impossible for any external entity to make recommendations on where your reactionary dollars are best spent...



Decrypting QSA Qualifications in a Diluted Market Place

November 21, 2011 Added by: Andrew Weidenhamer

One of the biggest challenges is how to determine which 3rd party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...



Three Words to Describe Enterprise Security

November 16, 2011 Added by: Rafal Los

We're cynical. Many security professionals and information security management alike are getting fed up with vendors who don't take the time to understand the issues they're facing - and simply try to sell, sell, sell...



#EntSec pt. II -- Accepting Exceptional Mediocrity

November 04, 2011 Added by: Ali-Reza Anghaie

Respect of a brand can carry through decades. It's my belief that if you influence through Enterprise Security, you will attract a better breed of customer and customer loyalty. This is a worthy selling point and worth marketing. And you still don't have to shave or put on shoes to do it...
