Blog Posts Tagged with "Risk Management"

7fef78c47060974e0b8392e305f0daf0

ENISA: Inventory of Public Sources on Information Security

March 16, 2012 Added by:Infosec Island Admin

ENISA has launched a stock taking exercise using a questionnaire to establish an Inventory of publicly available sources on Information Security. Therefore, collection and aggregation of existing data and sources is an effective tool to raise information security...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Patchwork Cloud - What's the Deal with Cloud Security?

March 14, 2012 Added by:Rafal Los

Since everything I've been reading from the press, my colleagues, and analysts I know has been telling me security is ranked high in the top five concerns for cloud computing adoption - an article on ARN by Spandas Lui was like a bucket of ice water to the face...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

CyLab Report: Corporate Boards Neglecting Cyber Security

March 13, 2012 Added by:Headlines

"Less than two-thirds of the Forbes Global 2000 companies surveyed have full-time personnel in key roles responsible for privacy and security in a manner that is consistent with internationally accepted best practices and standards..."

Comments  (0)

9f19bdb2d175ba86949c352b0cb85572

Understanding Cloud Security Part One

March 11, 2012 Added by:Neira Jones

The cloud provides an opportunity to re-architect older applications and infrastructure to meet or exceed modern security requirements. At other times, the risk of moving sensitive data and applications to an emerging infrastructure might exceed tolerance levels...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Quantifying Risk Reduction with an Unknown Denominator

March 07, 2012 Added by:Rafal Los

The problem that exists with all these risk reduction measurements is that they're impossible to quantify. There is simply no way to say that by doing X you've reduced risk by Y% - at least not when you don't know the total number of issues that exist. And therein lies the problem...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Improving Compliance Performance in Your Supply Chain

March 05, 2012 Added by:Thomas Fox

One of the areas moving towards being incorporated into compliance programs is the supply chain. While many companies have focused significant compliance efforts towards the sales chain, the supply chain is now viewed as an area which requires compliance scrutiny...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Continuous Patching: Is it Viable in the Enterprise?

February 28, 2012 Added by:Rafal Los

The way patching works right now on all different levels I'm surprised anything works because we have operating system patches going in with application patches - and we're all just a heartbeat away from catastrophe. Maybe more continuous patching can be our savior...

Comments  (2)

99edc1997453f90eb5ac1430fd9a7c61

CISSP Certification, Information Security and Risk Management

February 23, 2012 Added by:Javvad Malik

The ISC2 promote it as the premier security certification in the world and have you believe that with a CISSP comes great knowledge, power, mastery of the Force and an abundance of wealth. To everyone else it’s a bunch of letters security people put after their name...

Comments  (4)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Patchwork Cloud Part 1: An Overview

February 23, 2012 Added by:Rafal Los

Cloud computing isn't a paradigm every organization will follow whole-hog, nor should it be. Public cloud, hybrid cloud, private cloud, these are all terms need to be understood first and have some sort of rational approaches to security and risk management around them...

Comments  (0)

4e30710fdd82d696f9a69b8a561c0c3e

Best Practices to Prevent Document Leaks

February 16, 2012 Added by:Peter Weger

Unfortunate consequences occur when companies lose control over confidential assets and experience intentional or unintentional disclosure of the information. In some cases, even the possibility of information leakage can damage reputations and stock prices...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Creating Sustainable Compliance Performance

February 16, 2012 Added by:Thomas Fox

Thriving employees - who are not only “satisfied and productive but also engaged in creating the future” for their organization - out produce non-thriving employees. These concepts matter within the context of promoting a culture of compliance within your organization...

Comments  (0)

7477d0986a135e5e948d70e9995a609c

Information Security Relief is Spelled ISO-27001

February 15, 2012 Added by:John Verry

No matter the industry or service offering, organizations processing data on behalf of clients are experiencing the pain of proving they are secure and compliant with client standards and the myriad of regulations which their clients are obligated. ISO-27001 spells relief...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Build Your Security Portfolio Around Attack Scenarios

February 14, 2012 Added by:Danny Lieberman

In the current environment of rapidly evolving types of attacks - hacktivisim, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...

Comments  (1)

E313765e3bec84b2852c1c758f7244b6

Smart Grid Raises the Bar for Disaster Recovery

February 13, 2012 Added by:Brent Huston

Many of the organizations we have talked to simply have not begun the process of adjusting their risk assessments, disaster plans and the like for these types of operational requirements, even as smart grid devices begin to proliferate across the US and global infrastructures...

Comments  (0)

9f19bdb2d175ba86949c352b0cb85572

Incident Response and Risk Management Go Hand in Hand

February 12, 2012 Added by:Neira Jones

Residual risk is inevitable, so incident response becomes a crucial part of managing it. As the risk assessment identifies the assets critical to a business - threats, vulnerabilities and controls - so should the incident response plan concentrate on critical assets...

Comments  (2)

959779642e6e758563e80b5d83150a9f

Why Data Security Regulation is Bad

February 11, 2012 Added by:Danny Lieberman

The government knee-jerk reaction in the face of a data breach is to create more compliance regulation. Security by compliance does not improve security, since attackers can reverse-engineer the minimum requirements in a standard to look for holes in a company’s defenses...

Comments  (0)

Page « < 5 - 6 - 7 - 8 - 9 > »