Items Tagged with "Management"
June 21, 2011 Added by:Bozidar Spirovski
No top manager wants to be bothered with the problems and challenges that security and IT guys are facing. Usually that means that the security request aspects of the solution have not been researched or even familiarized. All this results in a half-baked workaround solution...
June 20, 2011 Added by:Dejan Kosutic
Traditionally, "making sense" for management means that the revenues that will result from the investment will be larger than the total cost of investment. So what's the problem? The problem is, even if you can calculate the total cost, there are no revenues to be made from security...
June 17, 2011 Added by:Thomas Fox
Moving from a rules-based compliance training to an ethics-based approach, there are three general areas where a company can change its approach in a manner to encourage employees to behave ethically, they are The Code; Ethics Training; and You Make the Call...
June 15, 2011 Added by:Rahul Neel Mani
CIOs often don’t want to come out of their IT shell. Rather than thinking business, they get immersed into IT. Although a lot of CIOs do have those skills, but they don’t move away from IT. You need a lot of guts to get to the CEO’s position, it’s a totally different ballgame...
June 14, 2011 Added by:Rafal Los
You've wrestled with justifying initiatives, programs, and security-driven innovation you want to implement to keep the company safe and lower the risk profile, but what you may not know is that the budget you've been working so hard to grow may actually be secretly killing you...
June 02, 2011 Added by:Kelly Colgan
We often use words like “robust,” “comprehensive,” and “strong” to describe security programs. Nice as that may sound, security isn’t only the strength of a system, but about the mindset of the people working it. Have they asked all the questions? Have they covered all their bases?
June 01, 2011 Added by:Thomas Fox
The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary...
May 27, 2011 Added by:Javvad Malik
Why do they put brakes in cars? If you answered “to make you stop”, you’re kind of wrong. The correct answer is, they put brakes in cars so that you can go faster. In many ways, security is similar. However, security doesn’t just bolt onto a business - it's a mindset...
May 25, 2011 Added by:Alex Hamerstone
Writing to the correct audience is one of the most important elements of creating effective documentation. If the documentation is too technical, they will not understand it. If the documentation is too simple for the audience, they may skim over important points...
May 24, 2011 Added by:Headlines
Report: "A significant number of IT staff could cause chaos for their organizations with their knowledge of and access to digital certificates and encryption keys due to lack of management controls and no separation of duties..."
May 23, 2011 Added by:Dejan Kosutic
One of the often misunderstood aspects of information security is that most of the problems (i.e. incidents) happen not because of technology, but because of human behavior. Most of the investments needed will be in defining new policies & procedures and in training & awareness programs...
May 16, 2011 Added by:Mike Meikle
If new technology is attached to a framework that is half-complete or stretched beyond capacity, then a public relations nightmare may be waiting. Consider the PlayStation Network breach. Basic management and security principles were ignored or half-implemented with disastrous consequences...
May 16, 2011 Added by:Alex Hamerstone
The purpose section should include information about why the policy is necessary. You may also wish to add some information about how the issue was dealt with historically. It is also a great place to reiterate some company values. An example is “To ensure compliance with..."
May 13, 2011 Added by:Thomas Fox
If there are components which need to be enhanced, you will have the opportunity to do so. If additional or supplemental training is called for; then take the opportunity to provide it. In short, do not be a afraid of the results...
May 09, 2011 Added by:Alex Hamerstone
The formatting and structure of documentation is not the most enthralling topic. It is however one of the most important elements of effective documentation. Delivering information in a clear and consistent way is essential to ensure documents are easy to use and effective...
May 04, 2011 Added by:Alex Hamerstone
Search engines place a vast body of human knowledge at your fingertips. This vast knowledge often includes the intellectual property of others. Finding policies on the internet and using control H to place your organization’s name in place of another is not only wrong, it is also ineffective...