Items Tagged with "Risk Management"


Is BYOD a Nightmare for IT Security or a Dream Come True?

June 19, 2012 Added by:Megan Berry

While you still may be debating whether or not to allow employees to use their own smartphones or tables for work, many organizations realize that they may not have a choice. Though it may seem that the risks of unsecured devices are a security nightmare, with the right tools, companies can work BYOD to their advantage...

Comments  (24)


Bill Gates, the Perfect Game and Your Compliance Program

June 17, 2012 Added by:Thomas Fox

Collins has been looking at corporations for over 25 years to unlock the mystery of what makes a great company tick and discusses twelve questions that leaders must grapple with if they truly want to excel. This list is a good summary of questions that you can and should be posing to your compliance team...

Comments  (0)


Tripwire Examines the State of Risk-Based Security Management

June 14, 2012 Added by:Headlines

"Though organizations profess a commitment to RBSM... this security practice is still in its infancy. To establish an effective... program, certain barriers need to be addressed. These include securing adequate resources, having employees with the necessary expertise and designating strong leaders..."

Comments  (0)


PCI DSS and Compliance: Just a Tick Box Exercise?

June 13, 2012

According to Neira Jones, Head of Payment Security at Barclaycard, compliance should be a natural byproduct of good risk management and information security practice...

Comments  (0)


The Path to NoOps is Through the Cloud

June 12, 2012 Added by:Rafal Los

So what is the single most valuable piece of technology that can push a development closer towards a NoOps methodology? I believe it's the adoption of cloud computing. While many of the security folks who read this blog are probably shaking their heads right about now, read on and let me convince you...

Comments  (0)


Disclosures: The Vulnerability of Publicly Traded Companies

June 12, 2012 Added by:Fergal Glynn

What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...

Comments  (1)


NIST: Cloud Computing Synopsis and Recommendations

June 05, 2012

This document reprises the definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the opportunities and risks of cloud computing...

Comments  (0)


Melville's "Bartleby the Scrivener" and Infosec

May 26, 2012 Added by:Rafal Los

Bottom line is, you won't be able to force change no matter how much you yell, scream, or try to scare the leadership. Better security is a cultural change, it's a change that must be adopted for a purpose or organizational goal. Otherwise, you're throwing rocks against a brick wall...

Comments  (0)


How the DOJ Looks at Compliance Programs Part I

May 22, 2012 Added by:Thomas Fox

Although often discussed in Deferred Prosecution Agreements (DPAs) or Non-Prosecution Agreements (NPAs), most compliance practitioners are not familiar with one of the most important sources of Department of Justice (DOJ) policy regarding the prosecution of corporations...

Comments  (0)


Why Does Software Security Keep Falling off your Budget?

May 22, 2012 Added by:Rafal Los

Approximately 3 out of 4 attacks against your enterprise or organization come at your applications. Whether it's at your website, at the mobile app you've deployed, or your enterprise API - you're being attacked where the lowest defenses are - the application...

Comments  (0)


Who Are You Preaching to Anyway?

May 15, 2012 Added by:Neira Jones

Hard core security conferences continue to happen and continue to be successful, and long may it continue. We still need the techies to make sure we have the right tech to support the people and processes in our businesses. We also need the techies to try and keep ahead of the bad guys...

Comments  (2)


Where Will the Buck Stop in Cloud Security?

May 15, 2012 Added by:Jayson Wylie

I don’t want to see the main outcome of security and data breaches become lengthy litigation. If cloud security boils down to he who has the best law team, the direction of security will have an approach of least exposure to litigation versus Cyber threats. This does not settle with me as a valid security driver for improving security posture...

Comments  (0)


Software Security: A Chief Financial Officer’s Perspective

May 15, 2012 Added by:Fergal Glynn

Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. The FTC is knocking on your door asking for a forensic security audit. Your largest investors are calling about the scope of the breach...

Comments  (0)


ICS-CERT: Risk Management for the Electricity Sector

May 14, 2012 Added by:Infosec Island Admin

The DOE collaborated with the NIST and NERC to release a second draft of the Electricity Sector Cybersecurity Risk Management Process guideline, designed with the idea that cybersecurity risk management should be driven by the business needs of the company...

Comments  (0)


Keeping Security Relevant: From Control to Governance in the Cloud

May 11, 2012 Added by:Rafal Los

When someone mentions public cloud, you quickly see the polarizing effects the topic has, generating a very negative reaction to the idea of putting anything corporate in the public cloud. What does that mean for the future of corporate information security and risk management?

Comments  (0)


Turn Compliance Beliefs Into Action: Impact Tone at the Bottom

May 11, 2012 Added by:Thomas Fox

This method is a good way for a compliance practitioner to get at ‘tone at the bottom’. By engaging employees at the level suggested you can find out not only what the employees think about the compliance program but use their collective experience to help design a more effective program...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »