Blog Posts Tagged with "Leadership"


Five Essentials of a Chief Compliance Officer Position

December 05, 2012 Added by:Thomas Fox

The five essential features are based on the Department of Justice’s thinking on the issue in the form of the US Sentencing Guidelines, FCPA enforcement actions and evolving best practices. If your company is not following these it may well not be deemed to have a commitment to compliance...


Infosec’s Most Dangerous Game: Groupthink

November 07, 2012 Added by:Dave Shackleford

These days, I am very, very afraid for the future of CISOs. Over the past few years, and specifically the past 12 months, I have become increasingly alarmed at the level of “groupthink” and “synchronized nodding” going on with security executives. Here are some of the things I am seeing...


James Bond at 50 – A Compliance Conversation in English and American

October 15, 2012 Added by:Thomas Fox

Maybe it’s just the difference in the two cultures; in the UK, they are trying to figure out how and why compliance failures occurred and change the compliance culture so they can obey the law. In the US, businesses want to change the law so the conduct companies engage in will no longer violate the law...


CISO Lessons Learned

October 11, 2012 Added by:Tripwire Inc

The lessons they learn are not just from traditional infosec forensics – they also look at other parts of the business who contributed to the issue, were impacted by the incidents, or who were involved in response – and their learnings can include virtually any aspect of the chain of event...


CEO Hubris and Compliance Catastrophes

October 08, 2012 Added by:Thomas Fox

Even in this age of documenting, checking, measuring, stress testing and reassessing every conceivable type of risk, what is the one which is never tested? She believes that the answer is “the chief executive gets so high on power that he or she loses the plot...”


Revising Your Code of Conduct: Don’t Wait

September 30, 2012 Added by:Thomas Fox

The backbone of the revision process is how your company captures, collaborates and preserves “all of the comments, notes, edits and decisions during the entire project,” and you should assess “the best application to launch your Code and whether it includes a certification process...”


The Face of Battle: Sir John Keegan and the Individual in Compliance

September 26, 2012 Added by:Thomas Fox

Compliance violation perpetrators will often grow the fraud in magnitude, sometimes increasing the number of participants. They will rarely cease on their own accord. This fits into Sir John’s analysis of the everyman of battle: What they did and how they did it...


The Right Way to Handle Shrinking Budgets

September 09, 2012 Added by:Robb Reck

We add new security tools but seldom get rid of the old ones. So, it’s no surprise that when our companies require us to reduce our budgets we don’t really know how to do it. In the face of these tightening budgets we need to adapt and survive. This leaves us with three options...


Error Logs and Apollo 11: One Giant Step For Risk Management

September 09, 2012 Added by:Tripwire Inc

Although Neil Armstrong is the hero of the Apollo 11 story, the planning, management, complexity and technology for the mission is often overlooked. If it were not for testing and assessing risks associated with the systems, the lunar landing would not have been a success...


Leadership in the Compliance Department

September 05, 2012 Added by:Thomas Fox

While a leader can provide some insights based on experience, and perhaps give a different view, the employee who brought up the compliance issue will probably be more intimately involved with it. The employee may have thought through a resolution to the potential issue as well...


Enterprise Security: Being Your Own Worst Enemy

August 30, 2012 Added by:Rafal Los

Enterprise security organizations can be their own worst enemies. Security is largely disconnected from the business, largely dependent on technology, and unable to be anything more than a cost center... and it seems like the more we rant and wave our arms the deeper the hole gets...


How Do You Change an Unhealthy Compliance Culture?

August 29, 2012 Added by:Thomas Fox

The best way to effect culture “is to combine strong leadership with the existing internal elements of a healthy corporate culture... while it may take as long to create a good culture as it does to establish a good reputation, a strong set of values is usually harder to destroy unless the company is itself dismantled...”


Your Organizational Chart Tells a Security Story

August 28, 2012 Added by:Tripwire Inc

The common reason to push the security team over to the side or down the org chart is due to a belief that what they do isn’t a core value proposition for the company. By reinforcing the idea that security is low priority it creates impediments for the business and the security team to negotiate risk and work collaboratively...


Assessing Risk Management Culture to Better Understand the Characteristics of ERM Programs

August 27, 2012 Added by:Michele Westergaard

The past 24 months have seen a number of disasters bring risk management to the forefront of executives and board directors. Whether natural disasters such as the Japanese Tsunami or man-made such as the Gulf of Mexico oil spill, fat-tail disasters have created a renewed interest in enterprise risk management...


Lessons for CEOs from the Saudi Aramco Breach

August 27, 2012 Added by:Jeffrey Carr

Most security operations centers are monitoring for an APT-style attack and their defensive tactics are geared towards interrupting it by use of an "intrusion kill chain". The attack on Saudi Aramco didn't fit this model, and hence would have been completely missed by most of the world's largest companies...


How Do You Change to a Culture of Compliance?

August 23, 2012 Added by:Thomas Fox

Unlike the insurance industry, which helps companies manage risks through financial instruments, risk management attempts to avoid or at least control risk. The next time you hear the mindless prattle of “but we’ve always done it that way”, get some ideas on how to change your company’s compliance culture...
