Items Tagged with "Management"


Compliance and the Failure to Escalate

June 30, 2011 Added by:Thomas Fox

Failure to escalate means issues are not reaching the right people in the company, and the issue becomes more difficult and more expensive. A company needs to have a culture in place to actively encourage elevation. This requires that both a structure and process for that structure must exist...


The Permanent Security Issue of Top Management

June 21, 2011 Added by:Bozidar Spirovski

No top manager wants to be bothered with the problems and challenges that security and IT guys are facing. Usually that means that the security request aspects of the solution have not been researched or even familiarized. All this results in a half-baked workaround solution...


Calculating the Return on Security Investment (ROSI)

June 20, 2011 Added by:Dejan Kosutic

Traditionally, "making sense" for management means that the revenues that will result from the investment will be larger than the total cost of investment. So what's the problem? The problem is, even if you can calculate the total cost, there are no revenues to be made from security...


A Values-Based Approach to Your Compliance Program

June 17, 2011 Added by:Thomas Fox

Moving from a rules-based compliance training to an ethics-based approach, there are three general areas where a company can change its approach in a manner to encourage employees to behave ethically. They are The Code; Ethics Training; and You Make the Call...


CIO: Throw Your Ego Out of the Window

June 15, 2011 Added by:Rahul Neel Mani

CIOs often don’t want to come out of their IT shell. Rather than thinking business, they get immersed in IT. Although a lot of CIOs do have those skills, they don’t move away from IT. You need a lot of guts to get to the CEO’s position; it’s a totally different ballgame...


Hey CISO, Your Budget is Killing You...

June 14, 2011 Added by:Rafal Los

You've wrestled with justifying initiatives, programs, and security-driven innovation you want to implement to keep the company safe and lower the risk profile, but what you may not know is that the budget you've been working so hard to grow may actually be secretly killing you...


Game Over: Cloud Computing and the Sony Breach

June 02, 2011 Added by:Kelly Colgan

We often use words like “robust,” “comprehensive,” and “strong” to describe security programs. Nice as that may sound, security isn’t only the strength of a system, but about the mindset of the people working it. Have they asked all the questions? Have they covered all their bases?


Compliance: Twenty Questions Directors Should Ask

June 01, 2011 Added by:Thomas Fox

The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary...


Infosec: Is the Cynic-Signal Broken?

May 27, 2011 Added by:Javvad Malik

Why do they put brakes in cars? If you answered “to make you stop”, you’re kind of wrong. The correct answer is, they put brakes in cars so that you can go faster. In many ways, security is similar. However, security doesn’t just bolt onto a business - it's a mindset...


Information Security Policies and Procedures Part 6

May 25, 2011 Added by:Alex Hamerstone

Writing to the correct audience is one of the most important elements of creating effective documentation. If the documentation is too technical, they will not understand it. If the documentation is too simple for the audience, they may skim over important points...


Could the IT Staff Hold Your Company Hostage?

May 24, 2011 Added by:Headlines

Report: "A significant number of IT staff could cause chaos for their organizations with their knowledge of and access to digital certificates and encryption keys due to lack of management controls and no separation of duties..."


Management’s View of Information Security

May 23, 2011 Added by:Dejan Kosutic

One of the often misunderstood aspects of information security is that most of the problems (i.e. incidents) happen not because of technology, but because of human behavior. Most of the investments needed will be in defining new policies & procedures and in training & awareness programs...


Enterprise Information Technology: Skip the Sexy

May 16, 2011 Added by:Mike Meikle

If new technology is attached to a framework that is half-complete or stretched beyond capacity, then a public relations nightmare may be waiting. Consider the PlayStation Network breach. Basic management and security principles were ignored or half-implemented with disastrous consequences...


Information Security Policies and Procedures Part 5

May 16, 2011 Added by:Alex Hamerstone

The purpose section should include information about why the policy is necessary. You may also wish to add some information about how the issue was dealt with historically. It is also a great place to reiterate some company values. An example is “To ensure compliance with..."


Testing Your FCPA Compliance Program

May 13, 2011 Added by:Thomas Fox

If there are components which need to be enhanced, you will have the opportunity to do so. If additional or supplemental training is called for, then take the opportunity to provide it. In short, do not be afraid of the results...


Information Security Policies and Procedures Part 4

May 09, 2011 Added by:Alex Hamerstone

The formatting and structure of documentation is not the most enthralling topic. It is however one of the most important elements of effective documentation. Delivering information in a clear and consistent way is essential to ensure documents are easy to use and effective...
