Items Tagged with "Management"
November 03, 2011 Added by:Thomas Fox
In an article entitled “Telling Your Board What it Needs to Hear”, author Arielle Bikard discusses the views of Pfizer Inc’s Chief Compliance Officer (CCO), Douglas Lankler, on how he keeps the Pfizer Board of Directors up to date on compliance issues...
October 27, 2011 Added by:Dan Dieterle
There is a disconnect between management and IT. Sometimes management doesn’t fully understand what the IT department is doing. Veteran computer personnel are being removed from companies – “due to cutbacks”, only to be replaced shortly thereafter by inexperienced or even temporary workers...
October 26, 2011 Added by:Ali-Reza Anghaie
Enterprise Security is Not Business Relevant. Now, that's quite the inflammatory statement but unless your business is security then it's true in practice today. Before the flaming begins let me start by saying I believe firmly it ~IS~ business critical but I want to make it actually relevant...
October 21, 2011 Added by:Rafal Los
When a problem that has been ignored for years suddenly causes immense pain, the result is often a rash reaction that is grounded in fear and 'the need to do something' rather than a sane approach to securing assets, leading mostly to inconvenience and not better security...
October 20, 2011 Added by:Headlines
“My first question is always to ask executives ‘do you really know how safe your own organization is?’ Some do reply confidently. Most do not. Fraud can happen anywhere, anytime, but it is relatively straightforward to deter or discover at an early stage with the right systems...”
October 10, 2011 Added by:Dejan Kosutic
Having a business continuity plan is nice, but if you don't know when and how to start using it, the money you've invested in it was spent in vain. Even worse, you'll likely lose quite a lot of money because your business operations will be disrupted...
October 06, 2011 Added by:Gabriel Bassett
There is a core problem in risk management. Technical people tend towards the “every security risk is important enough to fix” mantra, focusing on technical details and over-rating risks. Management is used to much more tolerant definitions of likelihood and impact quantifiable in dollars...
September 16, 2011 Added by:Infosec Island Admin
There will always be elements within the company with impetus to not take your advice on security matters and maybe even give you a large amount of pushback. This is especially true of any company that has little to no security posture to start with. So who are the key client players?
September 06, 2011 Added by:Steven Fox, CISSP, QSA
Optimal utilization of security policies relies on the audience for which they are created. Policy creation and marketing must recognize and capitalize on organizational culture to promote its value proposition. People can be the strongest link in the security chain...
August 03, 2011 Added by:Brian McGinley
Intelligent businesses walk the security journey every day. Discussion prompts action, and I’ve found over my years in corporate management and data security that these four simple questions can often get the ball rolling...
August 02, 2011 Added by:Bill Gerneglia
Without central control of purchases, there is no homogeneous IT solution provider across the organization. This leads to inconsistent service, lack of collective purchasing discounts available at higher user volumes, and lack of standard IT policies, making for an IT management nightmare...
July 26, 2011 Added by:Rafal Los
The difficult part with handling information security seems to be memory, applicability, and planning. Can I recall where that tool is and how it works? Do I have enough actionable intelligence right now? Did I leave enough breadcrumbs to prepare me for this need? Is there a plan?
July 25, 2011 Added by:Thomas Fox
Even with the economy on the upswing, corporations are being extremely conservative on funding, especially for departments which are viewed as more overhead than revenue generating. Project teams who embrace a brand mentality put themselves in a stronger position to achieve their goals...
July 21, 2011 Added by:Rafal Los
How long do you suppose it will be before one of these companies that's had a catastrophic, board-level security awakening forgets it ever happened and goes back to its old practices of ignoring security? Six months? A year? Three years?
July 20, 2011 Added by:Thomas Fox
Without the support of top management, a compliance program is doomed to failure. This also means that the goals of compliance need to be incorporated into overall leadership goals. If goals are simply performance based, employees will understand that is what the company values...
June 30, 2011 Added by:Thomas Fox
Failure to escalate means issues are not reaching the right people in the company, and the issue becomes more difficult and more expensive. A company needs to have a culture in place to actively encourage elevation. This requires that both a structure and process for that structure must exist...