Items Tagged with "Risk Management"
September 19, 2012 Added by: Stephen Marchewitz
Every time I read something regarding the core terminology in security and risk management, I start to question whether they really know what they’re talking about. Even worse, some speak with so many words and such arrogance, I start to question whether I know what I’m talking about...
September 11, 2012 Added by: Thomas Fox
Big banks are not doing too well these days in the compliance arena. From money-laundering operations for drug cartels to trading losses, big banks seem to be more in the news these days for compliance failures rather than successes...
September 10, 2012 Added by: Rafal Los
Air-gapped networks are difficult to maintain, and what happens when you have to transfer data from that air-gapped network to somewhere else? What if you have to install printer drivers or update your anti-virus signatures? Doesn't sound so easy to do now, does it?
September 09, 2012 Added by: Tripwire Inc
Although Neil Armstrong is the hero of the Apollo 11 story, the planning, management, complexity and technology for the mission is often overlooked. If it were not for testing and assessing risks associated with the systems, the lunar landing would not have been a success...
September 09, 2012 Added by: Ben Kepes
“With the cloud, you don’t own anything. You already signed it away through the legalistic terms of service with a cloud provider that computer users must agree to... the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it...”
September 05, 2012 Added by: Thomas Fox
While a leader can provide some insights based on experience, and perhaps give a different view, the employee who brought up the compliance issue will probably be more intimately involved with it. The employee may have thought through a resolution to the potential issue as well...
August 28, 2012 Added by: Tripwire Inc
The common reason to push the security team over to the side or down the org chart is due to a belief that what they do isn’t a core value proposition for the company. By reinforcing the idea that security is low priority it creates impediments for the business and the security team to negotiate risk and work collaboratively...
August 22, 2012 Added by: Tripwire Inc
This typical reaction I get in the US is many organizations see compliance as a “tax” and try to get away with doing the bare minimum. How do you and your organizations view compliance? Do you see it as a four-letter word, a nuisance, or as a step along the path to more effective security?
August 21, 2012 Added by: Barrie Hadfield
Consumer-based cloud platforms focus exclusively on usability and do little, if anything, to prevent the improper distribution of sensitive files and information across the firewall. The opportunity for corporate documents to fall into the wrong hands has become essentially limitless...
August 20, 2012 Added by: Rafal Los
In far too many organizations leaders and practitioners tell me that the role of Information Security is to protect the organization. Accepting this thinking got us into the predicament where we are today, where security isn't everyone's job and only Infosec is thinking about security. This couldn't be more wrong...
August 05, 2012 Added by: Stacey Holleran
If your organization were to experience a serious disruption in network connectivity due to a weather event, a fire or a cyber attack, how quickly could it resume business operations? Which people, processes and technologies would be involved in the recovery? How can you be sure nothing has been overlooked?
July 29, 2012 Added by: Boris Sverdlik
It's not a question of technology, it really isn't. The one problem that we keep running into is that users don't want us installing things on their personal devices. It's the whole entitlement mentality that our users have somehow attained through all of our babying. That's the cost of using their resources...
July 29, 2012 Added by: Christopher Laing
Risks are just circumstances that if they occurred, would have some impact on the business. Naturally risks can potentially disrupt the business, but if identified, planned for, and effectively managed, risks can have a beneficial impact on the business. The key word here is managed...
July 25, 2012 Added by: Tripwire Inc
Take a look at the things you measure. In particular, take a look at the things that become part of your bonus calculations or your performance reviews. If you are being measured against things that feel more like Tracking Indicators (like a weather forecast), then it’s time to renegotiate your Metrics...
July 22, 2012 Added by: Tripwire Inc
Today, we don’t have the concept of “knowledge security,” but should we begin considering that moving forward? Given that we are moving, quite quickly, into a knowledge-based orientation, what are the implications for “information security?” Are there any? Does this perspective even matter?
July 18, 2012 Added by: Thomas Fox
Compliance is a form of risk you can measure, evaluate and then manage. If the risk becomes too great, that may create an unacceptable level which your company will not tolerate. One of your key roles of a compliance practitioner is to reduce the level of risk which your company cannot or will not tolerate...