Blog Posts Tagged with "Governance"
Five Questions Boards of Directors Need to Ask About Cloud Governance
May 01, 2013 Added by:InfosecIsland News
ISACA has issued new guidance outlining key questions for boards of directors to ask to ensure their enterprise’s cloud initiative is in line with business objectives and the organization’s risk tolerance.
Comments (1)
The "Compliance Society"
July 23, 2012 Added by:Bob Radvanovsky
I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs") are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...
Comments (2)
Two-Thirds of Management Don’t Know Where Their Data Is
June 25, 2012 Added by:Headlines
“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wakeup call for organizations..."
Comments (1)
Companies Focus on Growth But Lag Behind Threats
June 20, 2012 Added by:Bob Radvanovsky
Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements, they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...
Comments (0)
Congressional Witnesses Agree: Multistakeholders Right for Internet Regulation
June 15, 2012 Added by:Electronic Frontier Foundation
The threat posed by the International Telecommunication Union (ITU) is not limited to an outright "takeover" by Russia or China. ITU's vision of Internet policy-making is more like "taking control" than the transparent and bottom-up multi-stakeholder process typically associated with Internet governance...
Comments (0)
Lies We Tell Ourselves: 5 Misconceptions Infosec Needs to Change
June 10, 2012 Added by:Rafal Los
Good security practices and principles can save your organization money in a real, measurable way, and it can contribute to making more money by getting to market faster, having more clients... so stop thinking of security as a cost center and start thinking of ways to help the business top or bottom lines...
Comments (0)
CyLab: Utilities Rank Worst in Governance and Security
May 23, 2012 Added by:Headlines
“Of the... respondents, the energy/utilities sector had the poorest governance practices. When asked whether their organizations were undertaking six best practices for cyber governance, the... sector ranked last for four of the practices and next to last for the other two..."
Comments (0)
Keeping Security Relevant: From Control to Governance in the Cloud
May 11, 2012 Added by:Rafal Los
When someone mentions public cloud, you quickly see the polarizing effects the topic has, generating a very negative reaction to the idea of putting anything corporate in the public cloud. What does that mean for the future of corporate information security and risk management?
Comments (0)
Five Conversations that will Shape Your Cloud Security Model
May 03, 2012 Added by:Rafal Los
We need to move away from the control model into a governance model and acknowledge we're not going to have control over all of our risk. Any notion that you have control is a delusion. Assuming that if you control the environment you have better security is a fallacy...
Comments (0)
Manage Risk Before it Damages You - Part One
March 20, 2012 Added by:Neira Jones
Assuming we have managed to address the infosec gap, we’re left with ensuring the security of information assets and services. Because we are all governed by material pressures, it would be unrealistic to embark on all-encompassing programs to secure all assets...
Comments (0)
Does DoE Know the Difference Between IT and Control Systems?
March 20, 2012 Added by:Joe Weiss
In September 2011 DOE issued the first draft of the Electricity Subsector Cybersecurity Risk Management Process document for comments. The document essentially equated IT and ICS. Doesn't DOE understand the difference between IT and control systems?
Comments (0)
Security Depends on IT Maturity
March 18, 2012 Added by:Robb Reck
Signs of an organization’s security fitness show up in metrics like patch levels, web application vulnerabilities, and firewall configurations. But in order to see the real state of our security programs, we need to include measures that capture the state of IT governance overall...
Comments (3)
NIST Steering Group to Support Trusted Identities in Cyberspace
March 15, 2012 Added by:Infosec Island Admin
"The committee will guide creation of an ‘Identity Ecosystem’ in which businesses and individuals can have more confidence in the security and privacy of their online transactions. The committee will also be responsible for identifying resources that will support the effort..."
Comments (0)
CyLab Report: Corporate Boards Neglecting Cyber Security
March 13, 2012 Added by:Headlines
"Less than two-thirds of the Forbes Global 2000 companies surveyed have full-time personnel in key roles responsible for privacy and security in a manner that is consistent with internationally accepted best practices and standards..."
Comments (0)
RSA Conference 2012 Wrap-Up
March 04, 2012 Added by:Robb Reck
RSA 2012 is in the books. The crypto-geniuses have gone home and are again working on solving our most challenging technical problems. The rest of us have returned home with some new insights and an improved plan for implementing security in our own little corners of the world...
Comments (0)
ISO 27001 and HITRUST for Healthcare Organizations
January 23, 2012 Added by:John Verry
HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...
Comments (0)