Items Tagged with "Risk Management"


6429389c5e8a4c9555be876f8484331a

Managing Risk and Keeping Your Network Secure

October 20, 2010 Added by:Sasha Nunke

The goal of security is to choose and implement cost effective countermeasures that mitigate the vulnerabilities that will most likely lead to loss. The management of Risk and Vulnerability Management is one of the counter‐measures easily justified by its ability to optimize risk...

Comments  (0)

6429389c5e8a4c9555be876f8484331a

Justifying IT Security

September 21, 2010

One of the most difficult issues security managers have is justifying how they spend their limited budgets. For the most part, information security budgets are determined by percentages of the overall IT budget. This implies that security is basically a “tax” on IT, as opposed to providing value back to the organization. The fact is that security can provide value to the organization, if there...

Comments  (1)

1789975b05c7c71e14278df690cabf26

Better Security Through Sacrificing Maidens

September 15, 2010 Added by:Pete Herzog

Now we all see people who say that security is about the process and we see them fighting a losing battle. The problem is we are being taught to build defenses like consumers and it isn't working...

Comments  (25)

D5e39323dd0a7b8534af8a5043a05da2

Using Analytics and Modeling to Predict Attacks

August 24, 2010 Added by:Fred Williams

In today's economic climate, any cost savings that a company can eke out is a win. By taking a closer look at data that already exists, companies can make more informed decisions that are optimal and realistic...

Comments  (3)

959779642e6e758563e80b5d83150a9f

Inside Operational Risk Management

August 03, 2010 Added by:Danny Lieberman

Threat models are not a silver bullet solution to prevent a crisis like AIG on one hand or Toyota on the other. A threat model is only a tool to implement a risk strategy by the business management. Threat modeling needs to be used in the proper way, measured in dollar values and must be reviewed...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Next Generation Risk Analysis

June 15, 2010 Added by:Danny Lieberman

I believe that there is a fundamental flaw in  enterprise risk management systems –  they don’t really tell the organization something it doesn’t already know and if we don’t bring some fresh input and new risk intelligence to the board room,we are not going to be very effective at mitigating new threats.

Comments  (0)

B09c361cbdc6cf629affdc7db30a186d

Risk Mitigation through Collaborative Innovation

April 26, 2010 Added by:Steven Fox, CISSP, QSA

Did you innovate today? Let’s say that you did! Good job! Did you get the idea from a podcast or webinar? Maybe. Odds are that you got wind of an interesting idea when you sat with a different team during lunch. Perhaps you attended a presentation by the business analysis group after the cancellation of an audit meeting. In either case, a synergy occured between new and acquired knowledge &n...

Comments  (0)


From the Web

Heartland Payment Systems Reports Third Quarter Financial Results

November 03, 2009 from: Office of Inadequate Security

Heartland Payment Systems, Inc. announced a GAAP net loss of $13.6 million or ($0.36) per share for the three months ended September 30, 2009. Results for the quarter are after $35.6 million (pre-tax), or $0.59 per share, of various expenses, accruals and reserves, all of which are attributable to the processing system intrusion, including charges related to settlement offers made by the Company i...

Comments  (0)

70e177868d7bc383ce3ea10b6f976ada

Searching for Return on Security Investments

November 02, 2009 Added by:Andrew Baker

There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions that fail to account for the many nuances of a pro...

Comments  (5)

B32b392ce3a707f05f4838c48c67d9cf

Good enough security?

October 29, 2009 Added by:Christopher Hudel

We have had 802.1x -- CISCO + Active Directory Integration --  in place for over a year know and it is largely a success; windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers)  that are currently incapable of 802.1x are split off in a tightl...

Comments  (2)

B038fefd7a19c26505d1f0671609d8ce

IT Security - Defense in Depth Protection using a Data-centric Model

October 29, 2009 Added by:Mike Cuppett

Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost.  The outside-in strategy starts at a macro level and ov...

Comments  (5)

8d04c13e080ecc73656118e7650fbb4c

Lies, Damn Lies, Statistics & Risk Management

October 24, 2009 Added by:Todd Zebert

Past willful risky behavior, and then outright foolishness, we have Risk Mismanagement. We’ve all head the quote “Lies, damned lies, and statistics” (author unknown) with its intention that statistics can be used to lie persuasively or lend credence to otherwise suspect arguments. With Risk Management we’ve layered Management on top of statistics - this is where things can ...

Comments  (0)

6f611188ad4a81ffc2edab83b0705d76

The Threat from Within

October 06, 2009 Added by:Sandra Avery

Times are tough.  Now, more than ever, organizations need to be extra vigilant about protecting the data on their networks.  With identity theft  at an all time high, and data breaches disclosed almost daily, the stakes are incredibly high.  

Comments  (0)

Page « < 9 - 10 - 11 - 12 - 13 > »