Blog Posts Tagged with "Enterprise Risk Management"
August 29, 2012 Added by:Thomas Fox
The best way to effect culture “is to combine strong leadership with the existing internal elements of a healthy corporate culture... while it may take as long to create a good culture as it does to establish a good reputation, a strong set of values is usually harder to destroy unless the company is itself dismantled..."
August 28, 2012 Added by:Christopher Rodgers
Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, that they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...
August 27, 2012 Added by:Michele Westergaard
The past 24 months have seen a number of disasters bring risk management to the forefront of executives and board directors. Whether natural disasters such as the Japanese Tsunami or man-made such as the Gulf of Mexico oil spill, fat-tail disasters have created a renewed interest in enterprise risk management...
August 23, 2012 Added by:Thomas Fox
Unlike the insurance industry, which helps companies manage risks through financial instruments, risk management attempts to avoid or at least control risk. The next time you hear the mindless prattle of “but we’ve always done it that way”, get some ideas on how to change your company’s compliance culture...
August 08, 2012 Added by:Robert Siciliano
The CIO has become as important as the CEO. It’s a pivotal position that often can make or break the success of a corporation. As criminal hackers have launched campaigns against numerous organizations, the CIO has become much more than an information officer. They are the guardian of corporate secrets...
August 06, 2012 Added by:Neira Jones
With social networks transforming the rules of business engagement, many businesses think the biggest risk of social media is the brand and reputational damage that could result from negative interactions or the potential disclosure of proprietary or sensitive information...
July 03, 2012 Added by:Jared Pfost
Most IT organizations aren't equipped or supported to build a mature program. If our objective is to deliver an evidence driven investment road map aligned with the business, it's OK to plan a phased approach and demonstrate value while the culture, process, and necessary resources gain momentum...
June 27, 2012 Added by:Rafal Los
One cloud does not fit all. Your cloud should be customized to fit your business. I believe that if you're going to have a cloud strategy you need to have a pragmatic approach which has you doing your due diligence, proper risk analysis, and understanding your cloud vendor...
June 25, 2012 Added by:Rafal Los
Failing with the support of a DevOps tribe can lead to a more resilient enterprise and ultimately better enterprise security. In the following few sections we're going to take a look at combining tools, processes and the tribe mentality to solve some otherwise ugly problems - and come out the other side...
June 12, 2012 Added by:Simon Heron
Mobile devices are contributing to improved efficiency and are undoubtedly popular with employees, but they are also inherently vulnerable. To minimise the risks, organisations must develop specific mobile device management policies – and then enforce them...
May 31, 2012 Added by:Thomas Fox
The ABA Primer notes that an effective compliance program consists of documentation that an organization “exercise[s] due diligence to prevent and detect criminal conduct; and otherwise promote[s] an organizational culture that encourages ethical conduct and a commitment to compliance with the law”...
May 30, 2012 Added by:Rafal Los
Resiliency speaks to core business needs much better than security ever could. Resiliency speaks to availability, incident response, business continuity and disaster recovery and security all rolled into one. Resiliency is a measure of preparedness against failure - a component of which is security...
May 30, 2012 Added by:Robert Siciliano
Victims of business identity theft often do not find out about the crime until significant losses accumulate, or someone discovers discrepancies on the books. Because of the hidden nature of the transactions, businesses can lose vast amounts of money. Business identity theft can remain undetected for years...
April 22, 2012 Added by:Steven Fox, CISSP, QSA
Security engineers, analysts, and auditors are apt to use security policies or industry best practices as the foundation of their guidance rather than addressing business needs. While valid in its substance, these appeals to authority are perceived negatively...
March 23, 2012 Added by:Wendy Nather
It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...
March 21, 2012 Added by:Thomas Fox
A mature compliance program can be a great benefit for a company, not only in evaluating risk from the compliance perspective but also preparing the necessary steps so that if a contact is awarded, it can be executed in an efficient manner. But it must have a seat at the table...
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015
PCI Security Standards Council Statement on ... on 03-17-2015