Earlier this week Richard Stiennon published an article that questions the value of risk management in IT, and I would argue that, although risk management presents challenges to IT, best practice-driven approaches leveraging aspects of risk management are essential to good security.
Steve Schlarman, eGRC solutions architect, RSA | 22 Oct | Read more
Phreaking is a term not often used these days. It was introduced to describe the technique of simulating telephone tones to fool a phone system into giving you free calls.
Skeeve Stevens | 08 Nov | Read more
Our coverage of the annual Global Information Security Survey conducted by CSO and CIO magazines in partnership with PwC has sparked some interesting discussions about <a href="http://www.csoonline.com/article/690854/are-you-an-it-security-%20leader-really-">what it takes to be a security leader</a>. Specifically, the discussion is about how organizations can move <a href="http://www.csoonline.com/article/691069/laggard-to-leader-what-it-takes-to-get-there">from being a security laggard to something better</a>. As part of those discussions, we spoke with Andy Ellis, chief security officer at Akamai Technologies. Ellis is responsible for overseeing the security architecture and compliance of the company's globally distributed network and sets the strategic direction of its security.
George V. Hulme | 02 Nov | Read more
Organizations continue to spend on <a href="http://www.csoonline.com/topic/41248/business-continuity">business continuity</a> and disaster recovery, but BC/DR is still not a budget top priority, according to newly-released data from Forrester Research.
Joan Goodchild | 02 Nov | Read more
The need to manage risk will result in organisations adopting hybrid clouds as the preferred cloud delivery model, according to Dean Kingsley, who heads the technology risk practice within the Enterprise Risk Services division at Deloitte in Sydney.
Stilgherrian | 26 Oct | Read more
A Risk Register, also referred to as a Risk Log, is a master document which is created during the early stages of your project. It is a tool that plays an important part in your Risk Management Plan, helping you to track issues and address problems as they arise.
The aim of this article is to provide companies that offer outsourced services, (dealing with the management of information), some tangible, commercial benefits to go down the ISMS implementation and certification path.
Mark Jones | 13 Sep | Read more
For years, professionals of the information security industry have been advising and using risk-based approaches to securing organisations and their information assets. This has been the received wisdom for so long that this is now encompassed in industry standards, such as ISO 27001, FIPS 200, etc.
Charles Wale | 19 Aug | Read more
For years businesses have talked about how important security is to their customers and to the success of their business. However, with <a href="http://www.csoonline.com/special/slideshows/data_breaches/index">so many breaches in so many different industries</a>, it's tough to take organizations at their word.
George V. Hulme | 23 Jul | Read more
Over the last two decades, the primary contribution of information technologies in firms has been about efficiency and enablement: to improve processes, make people more productive, reduce time to market, or enable things that couldn't be done previously.
Vasant Dhar and Arun Sundararajan | 21 May | Read more
The NSW government department tasked with the state’s data centre reform program, the Department of Services Technology and Administration, has the green light to procure a software package to support internal audit and corporate risk management.
Rodney Gedda | 04 Apr | Read more
While the race between industrial control system attackers and defenders didn't start with the Stuxnet worm, it certainly acted as a catalyst to a new arms race and more researchers taking a closer look at the quality of SCADA software.
George V. Hulme | 01 Apr | Read more
Let's say your organization doesn't have a formal enterprise risk management program. If you're at a big company, ERM might seem daunting because of silos, inertia and so on.
Derek Slater | 09 Sep | Read more
Cloud computing users face problems including loss of control over data, difficulties proving compliance, and additional legal risks as data moves from one legal jurisdiction to another, according to a assessement of cloud computing risks from the European Network and Information Security Agency (ENISA).
Mikael Ricknäs | 22 Nov | Read more
Somali pirates who brazenly attacked container ships in the Indian Ocean have garnered a lot of recent attention. But for companies that source products from Chinese manufacturing partners, there are even greater and longer-term business risks due to pirating attacks on companies' intellectual property and supply chains.<br/>
Thomas Wailgum | 17 Apr | Read more