Items Tagged with "Risk Management"
October 20, 2010 Added by: Sasha Nunke
The goal of security is to choose and implement cost-effective countermeasures that mitigate the vulnerabilities that will most likely lead to loss. The management of Risk and Vulnerability Management is one of the countermeasures easily justified by its ability to optimize risk...
September 21, 2010
One of the most difficult issues security managers have is justifying how they spend their limited budgets. For the most part, information security budgets are determined by percentages of the overall IT budget. This implies that security is basically a “tax” on IT, as opposed to providing value back to the organization. The fact is that security can provide value to the organization, if there...
August 24, 2010 Added by: Fred Williams
In today's economic climate, any cost savings that a company can eke out is a win. By taking a closer look at data that already exists, companies can make more informed decisions that are optimal and realistic...
August 03, 2010 Added by: Danny Lieberman
Threat models are not a silver bullet solution to prevent a crisis like AIG on one hand or Toyota on the other. A threat model is only a tool to implement a risk strategy by the business management. Threat modeling needs to be used in the proper way, measured in dollar values and must be reviewed...
June 15, 2010 Added by: Danny Lieberman
I believe that there is a fundamental flaw in enterprise risk management systems – they don’t really tell the organization something it doesn’t already know and if we don’t bring some fresh input and new risk intelligence to the board room, we are not going to be very effective at mitigating new threats.
April 26, 2010 Added by: Steven Fox, CISSP, QSA
Did you innovate today? Let’s say that you did! Good job! Did you get the idea from a podcast or webinar? Maybe. Odds are that you got wind of an interesting idea when you sat with a different team during lunch. Perhaps you attended a presentation by the business analysis group after the cancellation of an audit meeting. In either case, a synergy occurred between new and acquired knowledge...
From the Web
November 03, 2009 from: Office of Inadequate Security
Heartland Payment Systems, Inc. announced a GAAP net loss of $13.6 million or ($0.36) per share for the three months ended September 30, 2009. Results for the quarter are after $35.6 million (pre-tax), or $0.59 per share, of various expenses, accruals and reserves, all of which are attributable to the processing system intrusion, including charges related to settlement offers made by the Company i...
November 02, 2009 Added by: Andrew Baker
There are several major challenges to the successful implementation of good information security in many organizations today. It is not because business owners do not think that security is important. No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions that fail to account for the many nuances of a pro...
October 29, 2009 Added by: Christopher Hudel
We have had 802.1x -- CISCO + Active Directory Integration -- in place for over a year now and it is largely a success; Windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers) that are currently incapable of 802.1x are split off in a tightl...
October 29, 2009 Added by: Mike Cuppett
Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost. The outside-in strategy starts at a macro level and ov...
October 24, 2009 Added by: Todd Zebert
Past willful risky behavior, and then outright foolishness, we have Risk Mismanagement. We’ve all heard the quote “Lies, damned lies, and statistics” (author unknown) with its intention that statistics can be used to lie persuasively or lend credence to otherwise suspect arguments. With Risk Management we’ve layered Management on top of statistics - this is where things can ...
October 06, 2009 Added by: Sandra Avery
Times are tough. Now, more than ever, organizations need to be extra vigilant about protecting the data on their networks. With identity theft at an all-time high, and data breaches disclosed almost daily, the stakes are incredibly high.