Items Tagged with "Management"


Compliance: Telling the Board What it Needs to Know

November 03, 2011 Added by:Thomas Fox

In an article entitled “Telling Your Board What it Needs to Hear”, author Arielle Bikard discusses the views of Pfizer Inc’s Chief Compliance Officer (CCO), Douglas Lankler, on how he keeps the Pfizer Board of Directors up to date on compliance issues...

Comments  (1)


The Other Top Issues Facing Computer Security

October 27, 2011 Added by:Dan Dieterle

There is a disconnect between management and IT. Sometimes management doesn’t fully understand what the IT department is doing. Veteran computer personal are being removed from companies – “due to cutbacks”, only to be replaced shortly thereafter by inexperienced or even temporary workers...

Comments  (0)


#EntSec -- Not Business Relevant

October 26, 2011 Added by:Ali-Reza Anghaie

Enterprise Security is Not Business Relevant. Now, that's quite the inflammatory statement but unless your business is security then it's true in practice today. Before the flaming begins let me start by saying I believe firmly it ~IS~ business critical but I want to make it actually relevant...

Comments  (0)


Confusing Inconvenience for Enterprise Security

October 21, 2011 Added by:Rafal Los

When a problem that has been ignored for years suddenly causes immense pain, the result is an often a rash reaction that is grounded in fear and 'the need to do something' rather than a sane approach to securing assets, leading mostly to inconvenience and not better security....

Comments  (0)


Ten Early Warning Signs of Fraud in the Enterprise

October 20, 2011 Added by:Headlines

“My first question is always to ask executives ‘do you really know how safe your own organization is?’ Some do reply confidently. Most do not. Fraud can happen anywhere, anytime, but it is relatively straightforward to deter or discover at an early stage with the right systems..."

Comments  (0)


Activation Procedures for Business Continuity Plans

October 10, 2011 Added by:Dejan Kosutic

Having a business continuity plan is nice, but if you don't know when and how to start using it, the money you've invested in it was spent in vain. Even worse, you'll likely lose quite a lot of money because your business operations will be disrupted...

Comments  (0)


Risk Management: Context is the Key

October 06, 2011 Added by:Gabriel Bassett

There is a core problem in risk management. Technical people tend towards the “every security risk is important enough to fix” mantra, focusing on technical details and over-rating risks. Management is used to much more tolerant definitions of likelihood and impact quantifiable in dollars...

Comments  (0)


Strutting and Fretting Upon the Security Stage: The Players

September 16, 2011 Added by:Infosec Island Admin

There will always be elements within the company with impetus to not take your advice on security matters and maybe even give you a large amount of pushback. This is especially true of any company that has little to no security posture to start with. So who are the key client players?

Comments  (1)


Promoting Security Policies Using Organizational Culture

September 06, 2011 Added by:Steven Fox, CISSP, QSA

Optimal utilization of security policies relies on the audience for which they are created. Policy creation and marketing must recognize and capitalize on organizational culture to promote its value proposition. People can be the strongest link in the security chain...

Comments  (0)


Four Questions to Start the Security Discussion

August 03, 2011 Added by:Brian McGinley

Intelligent businesses walk the security journey every day. Discussion prompts action, and I’ve found over my years in corporate management and data security that these four simple questions can often get the ball rolling...

Comments  (0)


Informal Cloud Buyers - A Growing IT Problem

August 02, 2011 Added by:Bill Gerneglia

Without central control of purchases, there is no homogeneous IT solution provider across the organization. This leads to inconsistent service, lack of collective purchasing discounts available at higher user volumes, and lack of standard IT policies, making for an IT management nightmare...

Comments  (0)


Too Many Tools, Not Enough Glue?

July 26, 2011 Added by:Rafal Los

The difficult part with handling information security seems to be memory, applicability, and planning. Can I recall where that tool is and how it works? Do I have enough actionable intelligence right now? Did I leave enough breadcrumbs to prepare me for this need? Is there a plan?

Comments  (0)


On Branding Your Enterprise Compliance Project

July 25, 2011 Added by:Thomas Fox

Even with the economy on the upswing, corporations being extremely conservative on funding, especially for departments which are viewed as more overhead than revenue generating. Project teams who embrace a brand mentality put themselves in a stronger position to achieve their goals...

Comments  (0)


The Long-Term Impact of Short-Term Problems

July 21, 2011 Added by:Rafal Los

How long do you suppose it will be before one of these companies that's had a catastrophic, board-level security awakening forgets it ever happened and goes back to it's old practices of ignoring security? Six months? A year? Three years?

Comments  (0)


Fostering Compliance Across Your Company

July 20, 2011 Added by:Thomas Fox

Without the support of top management, a compliance program is doomed to failure. This also means that the goals of compliance need to be incorporated into overall leadership goals. If goals are simply performance based, employees will understand that is what the company values...

Comments  (0)


Compliance and the Failure to Escalate

June 30, 2011 Added by:Thomas Fox

Failure to escalate means issues are not reaching the right people in the company, and the issue becomes more difficult and more expensive. A company needs to have a culture in place to actively encourage elevation. This requires that both a structure and process for that structure must exist...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »