Risk Management

A seat earned at the Round Table

The role of the CISO is rapidly garnering a strategic voice at many organizations.

PCI DSS 3.0 is a start, but more changes are needed

The latest version of the payment security industry's data safeguarding standard should also include mandates and guidance around risk management, penetration testing and mobile.

Out of site: Risk preparedness

Services abound for business continuity and disaster recovery in the cloud, but what's the right choice for your firm? Alan Earls investigates.

New risks must be valued

IT trends - cloud, social networking and BYOD - are making the practice of security management complex, and are forcing organizations to shift to a risk-management perspective.

Game on: Case study with Electronic Arts and Allgress

Video game players are used to fending off alien invaders, but the IT staff at Electronic Arts (EA) was challenged to reduce cyber risk within its own environment.

Risk management and analysis: The need for countermeasure awareness

What is still missing in IT security is an understanding of how presently installed solutions might already be addressing risks.

Technology to strategy: Today's CISO

With breaches grabbing headlines and cash funneling toward infosec budgets, the role of the security executive is shifting from tech and compliance wonk to savvy businessperson.

Staying out of the headlines

Yahoo presumably took no measures to ensure sensitive stuff like customer account credentials were kept safe and sound.

Measuring success: Performance metrics

Security metrics remain elusive for many organizations, but key performance indicators, or KPIs, are achievable measurements that can help guide business planning and strategy.

Adding second-tier analysis to harness Big Data

The challenge that Big Data presents is trying to align disparate analytical islands. The answer comes in pulling all the pieces together.

Alliance of IT security groups issues cyber principles for government

An international confederation of security groups is calling for more cooperation, openness and transparency in government implementations of cyber security.

Managing policy and risk requires sophisticated tools

Risk is a multilayered function derived from threat, vulnerability and impact.

Targeted attacks cost companies an average of $200k

A recent survey indicates that successful targeted attacks end up costing companies more than $200,000.

Report says cyber security still takes a backseat for major companies

A recent study finds that major enterprises have yet to catch on to the importance of cyber security.

The new e-discovery playing field

Risks exist in the e-discovery process, as sensitive information frequently moves and is stored outside a company's firewall.

Attention executives: Make sense of security (finally)

Boardrooms are finally buzzing with serious discussion around cyber security as countless high-profile breaches have produced massive loss.

Tightening the fed's belt: Government Roundtable

At a recent SC Magazine Roundtable, gov't security pros bemoaned the difficulty in obtaining resources. But instead of crying over spilled milk, they traded ideas for mitigating risk in a down economy.

GAO calls on feds to better address supply chain risk

The GAO, which performs audits, evaluations and investigations on behalf of Congress, examined four agencies whose duties involve national security: the Energy, Homeland Security, Justice and Defense departments.

Making risk management more manageable

Most businesses don't understand how to manage risk, yet we live in a world full of risks, says Guidance Software's Anthony Di Bello.

Sponsored Video: John Vigoroux of M86 on security industry issues

John Vigoroux, CEO of security at M86, discusses the challenges facing the IT industry today at this year's RSA Conference 2012.

RSA Conference 2012: Risk management in the enterprise faces challenges

A panel discussion on risk management hovered around issues of balancing the scientific element of data gathering with the art of interpreting the information.

Security risk management: Engage, monitor and mitigate

As targeted attacks scale up and become more sophisticated, expertise in risk management has become one of the most in-demand skill sets a security manager can have, reports Jim Romeo.

Health care must respond to shortfalls

Security experts believe that robust risk management programs should be a pillar of business planning, says SC Magazine Editor-in-Chief Illena Armstrong.

NIST releases continuous monitoring guidance

The National Institute of Standards and Technology late last week published new guidance to help organizations develop and implement an information security continuous monitoring (ISCM) program. This initiative can help companies better provide ongoing awareness of threats and vulnerabilities, assess the effectiveness of deployed security controls and support risk management decisions, according to the 80-page guidance document. A mature ISCM program, which requires the use of both automated and manual processes, will enable companies to move from compliance-driven to data-driven risk management.

Cloud: A risk/reward proposition

Assessing what level of risk is acceptable to one's business is key to any move to the cloud, says Siobhan Byron, president of Forsythe Technology Canada.

Sponsored video: Steve Livingston of Deloitte on risk

In a conversation with SC Magazine Executive Editor Dan Kaplan, Steve Livingston, principal of Deloitte Enterprise Risk Services, chronicles how people, processes and technology can combine to create a robust risk framework that achieves buy-in from senior management.

The case for articulating security risk in a down economy

Despite an astonishing sequence of breaches this year, expect business executives to remain tight with their purse strings, unless security professionals can accurately convey risk.

DHS unveils new programs for software security

Software buyers may soon have access to more secure offerings, thanks to a new scoring system that will allow end-users to demand more assurance.

A new era for risk management

The ability to ascertain the risk tolerance of the business gives us a benchmark to hit as opposed to just "guessing" and then getting political pushback.

Managing becomes more complex

The risk environment is becoming more complicated as time goes on and criminals become more and more sophisticated.
