Risk Management News, Articles and Updates
Communicating with the C-suite depends in part on creating a language they understand and identifying the company assets that are most important, panelists told an SC Congress Toronto audience.
Security and risk are often mentioned in the same breath, and while they can complement each other, taking a risk-based approach is essential to building a realistic and manageable IT security program.
CISOs say the best IT security programs build risk management into everything, reports Steve Zurier.
The role of the CISO is rapidly garnering a strategic voice at many organizations.
The latest version of the payment security industry's data safeguarding standard should also include mandates and guidance around risk management, penetration testing and mobile.
Services abound for business continuity and disaster recovery in the cloud, but what's the right choice for your firm? Alan Earls investigates.
IT trends - cloud, social networking and BYOD - are making the practice of security management complex, and are forcing organizations to shift to a risk-management perspective.
Video game players are used to fending off alien invaders, but the IT staff at Electronic Arts (EA) was challenged to reduce cyber risk within its own environment.
What is still missing in IT security is an understanding of how presently installed solutions might already be addressing risks.
With breaches grabbing headlines and cash funneling toward infosec budgets, the role of the security executive is shifting from tech and compliance wonk to savvy businessperson.
Yahoo presumably took no measures to ensure sensitive stuff like customer account credentials were kept safe and sound.
Security metrics remain elusive for many organizations, but key performance indicators, or KPIs, are achievable measurements that can help guide business planning and strategy.
An international confederation of security groups is calling for more cooperation, openness and transparency in government implementations of cyber security.
Risk is a multilayered function derived from threat, vulnerability and impact.
Risks exist in the e-discovery process, as sensitive information frequently moves and is stored outside a company's firewall.
Boardrooms are finally buzzing with serious discussion around cyber security as countless high-profile breaches have produced massive loss.
At a recent SC Magazine Roundtable, gov't security pros bemoaned the difficulty in obtaining resources. But instead of crying over spilled milk, they traded ideas for mitigating risk in a down economy.
Most businesses don't understand how to manage risk, yet we live in a world full of risks, says Guidance Software's Anthony Di Bello.
John Vigoroux, CEO of security at M86, discusses the challenges facing the IT industry today at this year's RSA Conference 2012.
A panel discussion on risk management hovered around issues of balancing the scientific element of data gathering with the art of interpreting the information.
As targeted attacks scale up and become more sophisticated, expertise in risk management has become one of the most in-demand skill sets a security manager can have, reports Jim Romeo.
Security experts believe that robust risk management programs should be a pillar of business planning, says SC Magazine Editor-in-Chief Illena Armstrong.
The National Institute of Standards and Technology late last week published new guidance to help organizations develop and implement an information security continuous monitoring (ISCM) program. This initiative can help companies better provide ongoing awareness of threats and vulnerabilities, assess the effectiveness of deployed security controls and support risk management decisions, according to the 80-page guidance document. A mature ISCM program, which requires the use of both automated and manual processes, will enable companies to move from compliance-driven to data-driven risk management.
Assessing what level of risk is acceptable to one's business is key to any move to the cloud, says Siobhan Byron, president of Forsythe Technology Canada.
In a conversation with SC Magazine Executive Editor Dan Kaplan, Steve Livingston, principal of Deloitte Enterprise Risk Services, chronicles how people, processes and technology can combine to create a robust risk framework that achieves buy-in from senior management.
Despite an astonishing sequence of breaches this year, expect business executives to remain tight with their purse strings, unless security professionals can accurately convey risk.
Software buyers may soon have access to more secure offerings, thanks to a new scoring system that will allow end-users to demand more assurance.
The ability to ascertain the risk tolerance of the business gives us a benchmark to hit as opposed to just "guessing" and then getting political pushback.
The risk environment is becoming more complicated as time goes on and criminals become more and more sophisticated.