Blog Posts Tagged with "Risk Management"
March 16, 2012 Added by:Infosec Island Admin
ENISA has launched a stock taking exercise using a questionnaire to establish an Inventory of publicly available sources on Information Security. Therefore, collection and aggregation of existing data and sources is an effective tool to raise information security...
March 14, 2012 Added by:Rafal Los
Since everything I've been reading from the press, my colleagues, and analysts I know has been telling me security is ranked high in the top five concerns for cloud computing adoption - an article on ARN by Spandas Lui was like a bucket of ice water to the face...
March 13, 2012 Added by:Headlines
"Less than two-thirds of the Forbes Global 2000 companies surveyed have full-time personnel in key roles responsible for privacy and security in a manner that is consistent with internationally accepted best practices and standards..."
March 11, 2012 Added by:Neira Jones
The cloud provides an opportunity to re-architect older applications and infrastructure to meet or exceed modern security requirements. At other times, the risk of moving sensitive data and applications to an emerging infrastructure might exceed tolerance levels...
March 07, 2012 Added by:Rafal Los
The problem that exists with all these risk reduction measurements is that they're impossible to quantify. There is simply no way to say that by doing X you've reduced risk by Y% - at least not when you don't know the total number of issues that exist. And therein lies the problem...
March 05, 2012 Added by:Thomas Fox
One of the areas moving towards being incorporated into compliance programs is the supply chain. While many companies have focused significant compliance efforts towards the sales chain, the supply chain is now viewed as an area which requires compliance scrutiny...
February 28, 2012 Added by:Rafal Los
The way patching works right now on all different levels I'm surprised anything works because we have operating system patches going in with application patches - and we're all just a heartbeat away from catastrophe. Maybe more continuous patching can be our savior...
February 23, 2012 Added by:Javvad Malik
The ISC2 promote it as the premier security certification in the world and have you believe that with a CISSP comes great knowledge, power, mastery of the Force and an abundance of wealth. To everyone else it’s a bunch of letters security people put after their name...
February 23, 2012 Added by:Rafal Los
Cloud computing isn't a paradigm every organization will follow whole-hog, nor should it be. Public cloud, hybrid cloud, private cloud, these are all terms need to be understood first and have some sort of rational approaches to security and risk management around them...
February 16, 2012 Added by:Peter Weger
Unfortunate consequences occur when companies lose control over confidential assets and experience intentional or unintentional disclosure of the information. In some cases, even the possibility of information leakage can damage reputations and stock prices...
February 16, 2012 Added by:Thomas Fox
Thriving employees - who are not only “satisfied and productive but also engaged in creating the future” for their organization - out produce non-thriving employees. These concepts matter within the context of promoting a culture of compliance within your organization...
February 15, 2012 Added by:John Verry
No matter the industry or service offering, organizations processing data on behalf of clients are experiencing the pain of proving they are secure and compliant with client standards and the myriad of regulations which their clients are obligated. ISO-27001 spells relief...
February 14, 2012 Added by:Danny Lieberman
In the current environment of rapidly evolving types of attacks - hacktivisim, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...
February 13, 2012 Added by:Brent Huston
Many of the organizations we have talked to simply have not begun the process of adjusting their risk assessments, disaster plans and the like for these types of operational requirements, even as smart grid devices begin to proliferate across the US and global infrastructures...
February 12, 2012 Added by:Neira Jones
Residual risk is inevitable, so incident response becomes a crucial part of managing it. As the risk assessment identifies the assets critical to a business - threats, vulnerabilities and controls - so should the incident response plan concentrate on critical assets...
February 11, 2012 Added by:Danny Lieberman
The government knee-jerk reaction in the face of a data breach is to create more compliance regulation. Security by compliance does not improve security, since attackers can reverse-engineer the minimum requirements in a standard to look for holes in a company’s defenses...
The State of Obama Cybercare... Eden Connie on 01-26-2015
OSI Model’s Relevance to Web App Security... Arduan Arduan on 01-26-2015
Visa Puts Heartland on Probation Over Breach... Arduan Arduan on 01-26-2015