Items Tagged with "Risk Management"
October 07, 2016 Added by:Steve Durbin
Organizations face a daunting array of challenges interconnected with cybersecurity: the insatiable appetite for speed and agility, the growing dependence on complex supply chains, and the rapid emergence of new technologies.
December 18, 2015 Added by:Ilia Kolochenko
If you speak with management about money – speak their language and you will definitely get what you need.
December 02, 2015 Added by:James Christiansen
CSOs need to meet the challenge of third-party risk management head on. It’s time to execute on a larger risk strategy: managing the risk posture for your organization. This job is bigger than any single department—for any single company, in fact.
March 11, 2014 Added by:Michael Fimin
In order to figure out where auditing should play a part in your security strategy, let’s start by defining what should be audited as part of a security plan. To do this, look first at how security is implemented in its most simple form and work backwards to auditing’s role in your strategy.
October 15, 2013 Added by:Robb Reck
The implementation of a risk management focused information security program not only increases the security of the organization, it increases the collaboration between security and other technical stakeholders, frees up security to do what it does best (instead of making business decisions) and improves the organization’s risk awareness.
April 19, 2013 Added by:Rafal Los
In just about every organization (with little exception) there are more things to defend than there are resources to defend with. Remember playing the game of Risk, when you were a kid? Maybe you still have the game now... amazing how close to that board game your life in InfoSec is now, isn't it?
April 01, 2013 Added by:Ben Rothke
In Managing Risk and Information Security: Protect to Enable, author Malcolm Harkins deals with the inherent tension of information security – that between limitations and enablement.
January 24, 2013 Added by:Rafal Los
In order to not incur additional risk to the business, the organization being outsourced to must be heavily vetted and contractually obligated to maintain secrecy and integrity. It can be done, but it's tricky, and requires work in due-diligence to ensure the result isn't a train wreck during a worst-case scenario...
January 11, 2013 Added by:Michele Westergaard
The past three years have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Fat-tail risks that have a low probability, but a very high impact to the organization, such as the Japanese tsunami, the Gulf of Mexico oil spill or the euro-zone liquidity crisis, have been front and center, creating a renewed interest in ent...
December 13, 2012 Added by:Michelle Drolet
In order to detect security breaches and guarantee compliance, tamper “proofing” has not been sufficient. When it comes time for a forensic audit, the ability to detect unauthorized changes to digital files becomes invaluable in an investigation...
December 08, 2012 Added by:Tripwire Inc
Incident Management is particularly interesting in the light of the recent attacks on Vmware, Symantec and a host of other companies and internet properties. It all boils down to a fairly straight forward question…when an incident occurs, how does your security team respond?
December 03, 2012 Added by:Randall Frietzsche
In the broad spectrum of activities which might be called Information Security, we must always first and foremost implement, execute and follow through with risk management. Risk management is the backbone or foundation of any good information security program...
December 03, 2012 Added by:Joel Harding
I worked for one company who wanted to get information out quickly to all their stakeholders. The problem was the company was mired in an unhealthy aversion to risk. Their mind-set was avoidance, whereas industry transitioned to risk mitigation. That company is doomed to fail...
November 29, 2012 Added by:Tripwire Inc
For years security vendors have been able to play off the general fears of malware and cyber attacks. As the scope of protecting data has become more complex, we’ve slowly learned that deploying more security controls alone is not a risk management solution...
November 29, 2012 Added by:Tripwire Inc
Liars and Outliers is such a departure from his usual technical subject matter, that I was concerned that Mr. Schneier may have overreached. It’s not every day that a security guru talks about theories of coercion and explains how society establishes and maintains trust – that’s about society, not components...