Items Tagged with "Risk Management"
July 18, 2012 Added by:Neira Jones
You know the feeling: You think you have it all under control, you think you've engaged with the right people, you have buy in from those who matter, the right culture is in place, you're not struggling for investment and bang! You get hacked. Overwhelming sense of failure ensues. Where did it all go wrong?
July 15, 2012 Added by:Tripwire Inc
Want to add layers, or change your defense in depth approach? Your Information Systems team is just the beginning. What business unit will you impact? How will they be impacted, and when is the optimum time to do this? Depending on scope, this could even ripple through your business continuity program...
July 12, 2012 Added by:Rafal Los
We're getting compromised left and right by devices we are delusional enough to think we can trust because we feel like we've got sufficient control... Where does it end? Here, right at the point where we become cognizant of the fact that no asset, corporate or otherwise, should ever really be trusted...
July 12, 2012 Added by:Headlines
“Evidently, active vulnerability scanning can cause huge management headaches due to its disruptive nature and information overload, so scanners tend to be used primarily for ‘spot checks’ that aren’t effective at minimizing risks. Critical vulnerabilities have to be identified, prioritized, and remediated daily..."
July 03, 2012 Added by:Rafal Los
How can we both restore service quickly and solve a long-term systemic problems when we can't always tell that two issues are even related? Optimize the analysis between changes, connected systems and components to figure out dependencies in cases such as linked and distributed failures...
June 29, 2012
The report, ‘Incentives and barriers to the cyber insurance market in Europe,’ highlights the fact that while cyber security is an important concern for policy makers, businesses and citizens, traditional coverage offered by insurance providers may not comprehensively address digital risk...
June 28, 2012 Added by:Brent Huston
Malware with comparisons to Stuxnet are all the rage these days. Much of what is in the media is either hysteria, hype, confusion or outright wrong. As an infosec practitioner, your job is to explain to folks in a rational way about the trends and topics in the news carefully, truthfully, and rationally...
June 28, 2012 Added by:Fergal Glynn
Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...
June 25, 2012 Added by:Ian Tibble
“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...
June 25, 2012 Added by:Thomas Fox
New York Times reporter Adam Bryant recently profiled Angie Hicks, one of the co-founders of Angie’s List, who has some interesting observations on leadership that I found applicable to creating a functional compliance effort within an organization, from compliance professionals to ethical leadership...
June 20, 2012 Added by:Thomas Fox
As compliance programs become more mature, you can use the information generated in a risk assessment in a variety of ways to facilitate an overall risk management program. To create an effective risk management system, understand the qualitative distinctions among types of risk an organization faces...
June 20, 2012 Added by:Tripwire Inc
RBSM is defined as applying rigorous and systematic analytical techniques to evaluate the risks that impact an organization’s information assets and IT infrastructure. Tripwire and Ponemon Institute researched the state of risk management and came up with some interesting findings. Join us for this webcast...
June 20, 2012 Added by:Kevin W. Wall
I thought that most of the properties of trust were obvious, but was surprised to see someone in security quote a Microsoft software developer that “trust is not transitive”. Apparently there are still software and security engineers who misunderstand trust. I will attempt to clear up this misunderstanding...
June 19, 2012 Added by:Megan Berry
While you still may be debating whether or not to allow employees to use their own smartphones or tables for work, many organizations realize that they may not have a choice. Though it may seem that the risks of unsecured devices are a security nightmare, with the right tools, companies can work BYOD to their advantage...
June 17, 2012 Added by:Thomas Fox
Collins has been looking at corporations for over 25 years to unlock the mystery of what makes a great company tick and discusses twelve questions that leaders must grapple with if they truly want to excel. This list is a good summary of questions that you can and should be posing to your compliance team...
June 14, 2012 Added by:Headlines
"Though organizations profess a commitment to RBSM... this security practice is still in its infancy. To establish an effective... program, certain barriers need to be addressed. These include securing adequate resources, having employees with the necessary expertise and designating strong leaders..."