Blog Posts Tagged with "Leadership"


From Obstacle to Ally - Repositioning the Security Team

March 30, 2012 Added by:Steven Fox, CISSP, QSA

Rarely are non-security staff engaged in risk control discussions – a lack of interaction that disenfranchises those who will interact with the controls. This engenders a sense of powerlessness that leads to passive sabotage of initiatives intended to further the business...

Comments  (0)


Innovation and Compliance

March 26, 2012 Added by:Thomas Fox

Can compliance be innovative? Or can innovation inform your compliance program? Innovation in the compliance arena is key. As compliance programs mature and as companies mature in their approach to compliance, innovation will continue to lead best practices...

Comments  (0)


Eating the Security Dog Food

March 23, 2012 Added by:Wendy Nather

It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...

Comments  (0)


Changing of the Guard: A Perspective on the Changing CISO Role

March 19, 2012 Added by:Rafal Los

Security means different things to different people - but by and large we can agree on the need to defend our organizations against those bad guys who wish to do it harm whether it's from a purely destructive perspective or something more sinister...

Comments  (0)


Roundtable: Opportunities for HR in Consumerization of IT

March 15, 2012 Added by:Kyle Lagunas

Providing access to all sorts of internal systems for both employees and managers can make for a more adaptable organization regardless of size. IT has struggled with this loss of gatekeeper control, but the sound fiscal results are changing the minds of the C-suite...

Comments  (0)


CyLab Report: Corporate Boards Neglecting Cyber Security

March 13, 2012 Added by:Headlines

"Less than two-thirds of the Forbes Global 2000 companies surveyed have full-time personnel in key roles responsible for privacy and security in a manner that is consistent with internationally accepted best practices and standards..."

Comments  (0)


Is it Time to Reinvent the CISO?

March 13, 2012 Added by:Rafal Los

Is the CISO willing to take on more business-focused responsibilities, and look at information security from a less technical solution-oriented perspective - and if so is that sustainable? If you're looking for advice I have a little bit here for you...

Comments  (1)


RSA Conference 2012: Day One Highlights

February 28, 2012 Added by:Robb Reck

The biggest key to the success of any security program is achieving goal congruence with the organization. Every security objective should directly support the overall objectives of the company. Security must figure out how our projects contribute to the organization’s success...

Comments  (0)


The CISO as a Capable Catalyst

February 22, 2012 Added by:Rafal Los

"If a CISO initially receives any capability when starting the position, that was capability that was left over from their predecessor. It is now the CISO's responsibility to earn more capability and solidify what may already exist..."

Comments  (2)


Responsibility vs Capability in the CISO Role

February 17, 2012 Added by:Rafal Los

Capability is often seen as the ability to enforce - whether its corporate politics, budget, or a top-down reporting structure. If you don't have the capability to force people to follow organization-wide decisions it is difficult to have a solid organization...

Comments  (0)


Creating Sustainable Compliance Performance

February 16, 2012 Added by:Thomas Fox

Thriving employees - who are not only “satisfied and productive but also engaged in creating the future” for their organization - out produce non-thriving employees. These concepts matter within the context of promoting a culture of compliance within your organization...

Comments  (0)


Enterprise Ethics: Anticipating Ripples in the Pond

February 04, 2012 Added by:Thomas Fox

It is better to consider the ripple effects of your decision making before throwing that rock into your company’s ethics pond. If you do not do so you can easily run the risk of consequences for which you may have no response for, yet be held accountable for in your company...

Comments  (0)


On Enterprise-Wide Risk Management

January 23, 2012 Added by:Michele Westergaard

Certain tasks can be defined via policy as needed but are really the small part of the role. An overarching role is to understand the key issues facing the organization, creatively challenge business processes by asking what can go wrong, then working to plug the potential holes...

Comments  (0)


Security and the Theory of Constraints

January 16, 2012 Added by:Danny Lieberman

Security management is tricky. It’s not only about technical controls and good software development practice. It’s also about management responsibility. If you remember the Theory of Constraints, there is only one thing that limits a system's (or company's) performance...

Comments  (0)


Security: Three Tips When Speaking to the Board of Directors

December 16, 2011 Added by:Jason Clark

Many CISOs are getting questions specifically about whether they are protected from targeted attacks, malware, and data breaches. And many of these questions are coming from people who don’t really know what terms like “targeted attack” or “malware” actually mean - the Board of Directors...

Comments  (4)


Measuring Information Security Effectiveness

December 11, 2011 Added by:Bill Gerneglia

“The face of cyber threats has rapidly evolved from curious college kids taking their hand at hacking to an enormous global ecosystem of cyber-crime. Companies need a comprehensive approach to security technology, education and awareness and a very small number have truly mastered all three...”

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »