Items Tagged with "Risk Management"


Computer Security Incident Response - Part 3

November 16, 2010 Added by:John McGloughlin

The efficiency and effectiveness of the Security Operations Center (SOC) team depends on disciplined conduct, continuous communication, uniformed approach, low defect rates and positive attitudes. This team is the basis of a continuous effort to protect the assets of the corporation...

Comments  (0)


Computer Security Incident Response - Part 2

November 10, 2010 Added by:John McGloughlin

If you’re part of a policy making body and maybe don’t have very much real world cyber-combat experience - don’t put together a flow chart for how to deal with a reconnaissance threat and hand it to the operational team. You’ll just piss them off and the objective will be lost...

Comments  (0)


Top Five Mistakes CIOs Often Make

November 10, 2010 Added by:Danny Lieberman

As long as the earth doesn’t move, you’re safe - but once things start, you can drop into a big hole. Most security vulnerabilities reside in the cracks of systems and organizational integration and during an M&A, those fault lines can turn security potholes into the Grand Canyon...

Comments  (4)


Managing Risk and Keeping Your Network Secure

October 20, 2010 Added by:Sasha Nunke

The goal of security is to choose and implement cost effective countermeasures that mitigate the vulnerabilities that will most likely lead to loss. The management of Risk and Vulnerability Management is one of the counter‐measures easily justified by its ability to optimize risk...

Comments  (0)


Justifying IT Security

September 21, 2010

One of the most difficult issues security managers have is justifying how they spend their limited budgets. For the most part, information security budgets are determined by percentages of the overall IT budget. This implies that security is basically a “tax” on IT, as opposed to providing value back to the organization. The fact is that security can provide value to the organization, if there...

Comments  (1)


Better Security Through Sacrificing Maidens

September 15, 2010 Added by:Pete Herzog

Now we all see people who say that security is about the process and we see them fighting a losing battle. The problem is we are being taught to build defenses like consumers and it isn't working...

Comments  (25)


Using Analytics and Modeling to Predict Attacks

August 24, 2010 Added by:Fred Williams

In today's economic climate, any cost savings that a company can eke out is a win. By taking a closer look at data that already exists, companies can make more informed decisions that are optimal and realistic...

Comments  (3)


Inside Operational Risk Management

August 03, 2010 Added by:Danny Lieberman

Threat models are not a silver bullet solution to prevent a crisis like AIG on one hand or Toyota on the other. A threat model is only a tool to implement a risk strategy by the business management. Threat modeling needs to be used in the proper way, measured in dollar values and must be reviewed...

Comments  (0)


Next Generation Risk Analysis

June 15, 2010 Added by:Danny Lieberman

I believe that there is a fundamental flaw in  enterprise risk management systems –  they don’t really tell the organization something it doesn’t already know and if we don’t bring some fresh input and new risk intelligence to the board room,we are not going to be very effective at mitigating new threats.

Comments  (0)


Risk Mitigation through Collaborative Innovation

April 26, 2010 Added by:Steven Fox, CISSP, QSA

Did you innovate today? Let’s say that you did! Good job! Did you get the idea from a podcast or webinar? Maybe. Odds are that you got wind of an interesting idea when you sat with a different team during lunch. Perhaps you attended a presentation by the business analysis group after the cancellation of an audit meeting. In either case, a synergy occured between new and acquired knowledge &n...

Comments  (0)

From the Web

Heartland Payment Systems Reports Third Quarter Financial Results

November 03, 2009 from: Office of Inadequate Security

Heartland Payment Systems, Inc. announced a GAAP net loss of $13.6 million or ($0.36) per share for the three months ended September 30, 2009. Results for the quarter are after $35.6 million (pre-tax), or $0.59 per share, of various expenses, accruals and reserves, all of which are attributable to the processing system intrusion, including charges related to settlement offers made by the Company i...

Comments  (0)


Searching for Return on Security Investments

November 02, 2009 Added by:Andrew Baker

There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions that fail to account for the many nuances of a pro...

Comments  (5)


Good enough security?

October 29, 2009 Added by:Christopher Hudel

We have had 802.1x -- CISCO + Active Directory Integration --  in place for over a year know and it is largely a success; windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers)  that are currently incapable of 802.1x are split off in a tightl...

Comments  (2)


IT Security - Defense in Depth Protection using a Data-centric Model

October 29, 2009 Added by:Mike Cuppett

Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost.  The outside-in strategy starts at a macro level and ov...

Comments  (5)


Lies, Damn Lies, Statistics & Risk Management

October 24, 2009 Added by:Todd Zebert

Past willful risky behavior, and then outright foolishness, we have Risk Mismanagement. We’ve all head the quote “Lies, damned lies, and statistics” (author unknown) with its intention that statistics can be used to lie persuasively or lend credence to otherwise suspect arguments. With Risk Management we’ve layered Management on top of statistics - this is where things can ...

Comments  (0)


The Threat from Within

October 06, 2009 Added by:Sandra Avery

Times are tough.  Now, more than ever, organizations need to be extra vigilant about protecting the data on their networks.  With identity theft  at an all time high, and data breaches disclosed almost daily, the stakes are incredibly high.  

Comments  (0)

Page « < 9 - 10 - 11 - 12 - 13 > »