Blog Posts Tagged with "Governance"
Shadow IT: The Invisible Network
November 14, 2017 Added by:Chris Jordan
Shadow IT is the term most related to the risk associated with the threat that application awareness addresses.
Comments (0)
GRC: Going Beyond the Acronym
March 10, 2017 Added by:Corey Wilburn
An effective GRC disciple requires a company-wide buy-in. The easier you make it for your colleagues, the easier you make it for yourself.
Comments (0)
Five Questions Boards of Directors Need to Ask About Cloud Governance
May 01, 2013 Added by:InfosecIsland News
ISACA has issued new guidance outlining key questions for boards of directors to ask to ensure their enterprise’s cloud initiative is in line with business objectives and the organization’s risk tolerance.
Comments (1)
The "Compliance Society"
July 23, 2012 Added by:Bob Radvanovsky
I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...
Comments (5)
Two-Thirds of Management Don’t Know Where Their Data Is
June 25, 2012 Added by:Headlines
“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wakeup call for organizations..."
Comments (1)
Companies Focus on Growth But Lag Behind Threats
June 20, 2012 Added by:Bob Radvanovsky
Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements that they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...
Comments (0)
Congressional Witnesses Agree: Multistakeholders Right for Internet Regulation
June 15, 2012 Added by:Electronic Frontier Foundation
The threat posed by the International Telecommunication Union (ITU) is not limited to an outright "takeover" by Russia or China. ITU's vision of Internet policy-making is more like "taking control" than the transparent and bottom-up multi-stakeholder process typically associated with Internet governance...
Comments (0)
Lies We Tell Ourselves: 5 Misconceptions Infosec Needs to Change
June 10, 2012 Added by:Rafal Los
Good security practices and principles can save your organization money in a real, measurable way, and it can contribute to making more money by getting to market faster, having more clients... so stop thinking of security as a cost center and start thinking of ways to help the business top or bottom lines...
Comments (0)
CyLab: Utilities Rank Worst in Governance and Security
May 23, 2012 Added by:Headlines
“Of the... respondents, the energy/utilities sector had the poorest governance practices. When asked whether their organizations were undertaking six best practices for cyber governance, the... sector ranked last for four of the practices and next to last for the other two..."
Comments (0)
Keeping Security Relevant: From Control to Governance in the Cloud
May 11, 2012 Added by:Rafal Los
When someone mentions public cloud, you quickly see the polarizing effects the topic has, generating a very negative reaction to the idea of putting anything corporate in the public cloud. What does that mean for the future of corporate information security and risk management?
Comments (0)
Five Conversations that will Shape Your Cloud Security Model
May 03, 2012 Added by:Rafal Los
We need to move away from the control model into a governance model and acknowledge we're not going to have control over all of our risk. Any notion that you have control is a delusion. Assuming that if you control the environment you have better security is a fallacy...
Comments (0)
Manage Risk Before it Damages You - Part One
March 20, 2012 Added by:Neira Jones
Assuming we have managed to address the infosec gap, we’re left with ensuring the security of information assets and services. Because we are all governed by material pressures, it would be unrealistic that we should embark on all encompassing programs to secure all assets..
Comments (0)
Does DoE Know the Difference Between IT and Control Systems?
March 20, 2012 Added by:Joe Weiss
In September 2011 DOE issued the first draft of the Electricity SubSector Cybersecurity Risk Management Process document for comments. The document essentially equated IT and ICS. Doesn't DOE understand the difference between IT and Control Systems?
Comments (0)
Security Depends on IT Maturity
March 18, 2012 Added by:Robb Reck
Signs of an organization’s security fitness in metrics like patch levels, web application vulnerabilities, and firewall configurations. But in order to see the real state of our security programs, we need to include measures that capture the state of IT governance overall...
Comments (3)
NIST Steering Group to Support Trusted Identities in Cyberspace
March 15, 2012 Added by:Infosec Island Admin
"The committee will guide creation of an ‘Identity Ecosystem’ in which businesses and individuals can have more confidence in the security and privacy of their online transactions. The committee will also be responsible for identifying resources that will support the effort..."
Comments (0)
CyLab Report: Corporate Boards Neglecting Cyber Security
March 13, 2012 Added by:Headlines
"Less than two-thirds of the Forbes Global 2000 companies surveyed have full-time personnel in key roles responsible for privacy and security in a manner that is consistent with internationally accepted best practices and standards..."
Comments (0)
- Every Business Can Have Visibility into Advanced and Sophisticated Attacks
- 4 Cybersecurity Tips for Staying Safe During the World Cup
- Machine Learning vs. Deep Learning in Cybersecurity – Demystifying AI’s Siblings
- Building a Strong, Intentional and Sustainable Security Culture
- The 3 Must Knows of Sandboxing
- Valve Patches 10-Year Old Flaw in Steam Client
- Infrastructure Under Attack
- How to Prevent Cloud Configuration Errors
- SOC Automation: Good or Evil?
- Can Organisations Turn Back Time after a Cyber-Attack?