Blog Posts Tagged with "Leadership"


Melville's "Bartleby the Scrivener" and Infosec

May 26, 2012 Added by:Rafal Los

Bottom line is, you won't be able to force change no matter how much you yell, scream, or try to scare the leadership. Better security is a cultural change, it's a change that must be adopted for a purpose or organizational goal. Otherwise, you're throwing rocks against a brick wall...

Comments  (0)


CISO 2.0: Enterprise Umpire or Wide Receiver?

May 21, 2012 Added by:Robb Reck

In security, our challenge is to demonstrate to the business that the money they invest in us goes further than just keeping us out of the newspaper. Security can deliver tangible benefits out to the business. An effective security program can reduce the costs of creating products...

Comments  (2)


Achieving Compliance in the Post-Acquisition Context

May 17, 2012 Added by:Thomas Fox

Trust cascades down each level of a company from the Board of Directors to employees and then to customers. Trust is equally important in the M&A context. These ideas are useful for the compliance practitioner when integrating a new acquisition into an existing compliance culture...

Comments  (0)


Software Security: A Chief Financial Officer’s Perspective

May 15, 2012 Added by:Fergal Glynn

Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. The FTC is knocking on your door asking for a forensic security audit. Your largest investors are calling about the scope of the breach...

Comments  (0)


Turn Compliance Beliefs Into Action: Impact Tone at the Bottom

May 11, 2012 Added by:Thomas Fox

This method is a good way for a compliance practitioner to get at ‘tone at the bottom’. By engaging employees at the level suggested you can find out not only what the employees think about the compliance program but use their collective experience to help design a more effective program...

Comments  (0)


Breached! Now What? Seven Steps to Avoid Failure Panic

May 07, 2012 Added by:Rafal Los

To many organizations, a security breach means a catastrophic failure in security signifying a breakdown in the mechanisms installed to keep the organization secure, and by its very nature represents failure. The problem with this situation is it really represents two failures...

Comments  (1)


Compliance: To Boldly Go Where the Board Needs to Go

April 29, 2012 Added by:Thomas Fox

I was thinking about Captain Kirk and his leadership of the Enterprise in the context of issues relating to the Board of Directors' responsibility in a company’s compliance program. Kirk did not have to deal with a BOD, but he did lead from the front, and that is what a CCO must do...

Comments  (0)


Mike Locatis Named Assistant Secretary for Cybersecurity

April 25, 2012 Added by:Headlines

DHS announced the appointment of Michael W. Locatis III as the new Assistant Secretary for Cybersecurity and Communications (CS&C) at the National Protection and Programs Directorate. Locatis brings a wealth of experience in information management, cybersecurity and public safety...

Comments  (0)


Positioning the Security Team Using Influence Part 2

April 22, 2012 Added by:Steven Fox, CISSP, QSA

Security engineers, analysts, and auditors are apt to use security policies or industry best practices as the foundation of their guidance rather than addressing business needs. While valid in their substance, these appeals to authority are perceived negatively...

Comments  (0)


An Enterprise Compliance Dialogue

April 17, 2012 Added by:Thomas Fox

Management must “walk the talk” through both discipline and a system of rewards. The discipline must be clear and delivered decisively. The rewards must be not only direct financial remuneration but also the internal promotion of persons who do business in an ethical manner...

Comments  (0)


Helpdesk to the Boardroom

April 16, 2012 Added by:Daniel Blander

As security professionals, we eagerly hone our skills and immerse ourselves in the latest research. Yet too many of us feel that we are marginalized, and become frustrated at our lack of professional advancement. What could be the problem and how can we overcome it?

Comments  (0)


What the Titanic Teaches Techies

April 15, 2012 Added by:Allan Pratt, MBA

No one wants to think that disaster will strike, but it’s better to have policies in place and not need them – because you never know when you may encounter an iceberg - especially for those of us who live and breathe in the information security arena...

Comments  (0)


Security Leaders Give Up

April 12, 2012 Added by:T.H. Enders

Breaking News: In uncanny synchronicity, CISOs, CSOs, auditors, and security consultants up and walked off their jobs today. It's hard to say what the repercussions will be. Pundits, analysts, and DHS are still trying to get a clear picture of the breadth of the problem...

Comments  (7)


Positioning the Security Team Through Influence Part 1

April 06, 2012 Added by:Steven Fox, CISSP, QSA

The essential approach to enhancing the role of security professionals is to enhance their organizational influence. This article kicks off a series exploring basic influence styles, the associated pitfalls, and guidance for their proper application...

Comments  (0)


Barbara Tuchman and Compliance Programs

April 04, 2012 Added by:Thomas Fox

Compliance professionals are continually trying to get the message out at corporations. Here is some wisdom that Tuchman advocated and how it might help the compliance professional convey the essence of doing business in compliance across a corporation...

Comments  (0)


Manage Risk Before it Damages You - Part Two

April 01, 2012 Added by:Neira Jones

For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...

Comments  (2)
