Blog Posts Tagged with "Leadership"
Changing Security Behaviors Via a Top Down Approach
August 02, 2018 Added by:Perry Carpenter
When it comes to changing behaviors and building better security hygiene, the role of the leader is not only critical, but it is the impetus to change.
Comments (0)
Five Essentials of a Chief Compliance Officer Position
December 05, 2012 Added by:Thomas Fox
The five essential features are based on the Department of Justice’s thinking on the issue in the form of the US Sentencing Guidelines, FCPA enforcement actions and evolving best practices. If your company is not following these it may well not be deemed to have a commitment to compliance...
Comments (0)
Infosec’s Most Dangerous Game: Groupthink
November 07, 2012 Added by:Dave Shackleford
These days, I am very, very afraid for the future of CISOs. Over the past few years, and specifically the past 12 months, I have become increasingly alarmed at the level of “groupthink” and “synchronized nodding” going on with security executives. Here are some of the things I am seeing...
Comments (0)
James Bond at 50 – A Compliance Conversation in English and American
October 15, 2012 Added by:Thomas Fox
Maybe it’s just the difference in the two cultures; in the UK, they are trying to figure out how and why compliance failures occurred and change the compliance culture so they can obey the law. In the US, businesses want to change the law so the conduct companies engage in will no longer violate the law...
Comments (0)
CISO Lessons Learned
October 11, 2012 Added by:Tripwire Inc
The lessons they learn are not just from traditional infosec forensics – they also look at other parts of the business who contributed to the issue, were impacted by the incidents, or who were involved in response – and their learnings can include virtually any aspect of the chain of event...
Comments (0)
CEO Hubris and Compliance Catastrophes
October 08, 2012 Added by:Thomas Fox
Even in this age of documenting, checking, measuring, stress testing and reassessing every conceivable type of risk, what is the one which is never tested? She believes that the answer is “the chief executive gets so high on power that he or she loses the plot...”
Comments (0)
Revising Your Code of Conduct: Don’t Wait
September 30, 2012 Added by:Thomas Fox
The backbone of the revision process is how your company captures, collaborates and preserves “all of the comments, notes, edits and decisions during the entire project," and you should assess “the best application to launch your Code and whether it includes a certification process..."
Comments (0)
The Face of Battle: Sir John Keegan and the Individual in Compliance
September 26, 2012 Added by:Thomas Fox
Compliance violation perpetrators will often grow the fraud in magnitude, sometimes increasing the number of participants. They will rarely cease on their own accord. This fits into Sir John’s analysis of the everyman of battle: What they did and how they did it...
Comments (0)
The Right Way to Handle Shrinking Budgets
September 09, 2012 Added by:Robb Reck
We add new security tools but seldom get rid of the old ones. So, it’s no surprise that when our companies require us to reduce our budgets we don’t really know how to do it. In the face of these tightening budgets we need to adapt and survive. This leaves us with three options...
Comments (0)
Error Logs and Apollo 11: One Giant Step For Risk Management
September 09, 2012 Added by:Tripwire Inc
Although Neil Armstrong is the hero of the Apollo 11 story, the planning, management, complexity and technology for the mission is often overlooked. If it were not for testing and assessing risks associated with the systems the lunar landing would not have been a success...
Comments (0)
Leadership in the Compliance Department
September 05, 2012 Added by:Thomas Fox
While a leader can provide some insights based on experience, and perhaps give a different view, the employee who brought up the compliance issue will probably be more intimately involved with it. The employee may have thought through a resolution to the potential issue as well...
Comments (0)
Enterprise Security: Being Your Own Worst Enemy
August 30, 2012 Added by:Rafal Los
Enterprise security organizations can be their own worst enemies. Security is largely disconnected from the business, largely dependent on technology, and unable to be anything more than a cost center... and it seems like the more we rant and wave our arms the deeper the hole gets...
Comments (0)
How Do You Change an Unhealthy Compliance Culture?
August 29, 2012 Added by:Thomas Fox
The best way to effect culture “is to combine strong leadership with the existing internal elements of a healthy corporate culture... while it may take as long to create a good culture as it does to establish a good reputation, a strong set of values is usually harder to destroy unless the company is itself dismantled..."
Comments (0)
Your Organizational Chart Tells a Security Story
August 28, 2012 Added by:Tripwire Inc
The common reason to push the security team over to the side or down the org chart is due to a belief that what they do isn’t a core value proposition for the company. By reinforcing the idea that security is low priority it creates impediments for the business and the security team to negotiate risk and work collaboratively...
Comments (1)
Assessing Risk Management Culture to Better Understand the Characteristics of ERM Programs
August 27, 2012 Added by:Michele Westergaard
The past 24 months have seen a number of disasters bring risk management to the forefront of executives and board directors. Whether natural disasters such as the Japanese Tsunami or man-made such as the Gulf of Mexico oil spill, fat-tail disasters have created a renewed interest in enterprise risk management...
Comments (1)
Lessons for CEOs from the Saudi Aramco Breach
August 27, 2012 Added by:Jeffrey Carr
Most security operations centers are monitoring for an APT-style attack and their defensive tactics are geared towards interrupting it by use of an "intrusion kill chain". The attack on Saudi Aramco didn't fit this model, and hence would have been completely missed by most of the world's largest companies...
Comments (1)