Risk Management | SC Media

Risk Management

Union Pacific tracks cyber risk via its own probability modeling methodology

Rick Holmes, assistant VP and CISO at Union Pacific Railroad, detailed at InfoSec World 2020 how the transportation giant incorporates cybersecurity risk into its larger enterprise risk management process in order to help senior executives estimate losses caused by potential cyber incidents and make better decisions on where to invest in defenses. “We think that…

Party City celebrates IT risk assessment program; reveals keys to success

At InfoSec World 2020 on Tuesday, a pair of risk officers from Party City offered an inside glimpse into how the $2.1 billion specialty retailer pulled off its first-ever top-down enterprise-wide IT risk assessment. Among the chief success factors they cited were: executive buy-in, the collaboration of skilled partners, assuring adequate resources, well-planned project scoping,…

Buyer beware, risk ahead

Considering a company’s cybersecurity posture should be partof M&A due diligence, but often it isn’t. Doug Olenick explainswhy that must change. Most home buyers wouldn’t think of paying top dollar for a house, no matter how beautifully designed without considering whether it sits in a crime-ridden neighborhood. Yet, venture capitalists and corporate boards, with all…


The staying power in resiliency

The concept of resiliency – whether we’re talking cybersecurity strategies, job markets or individuals – is particularly resonant these days. True, the resiliency of whole nations and their citizens has been tested in the past. During the years of World War II, our great grandparents and maybe even some of our parents saw days of…

Why Your Risk Management Practice Shouldn’t be On-Trend

The security community often gets caught up in the latest and greatest tools and technologies, using those trends as a way to garner attention for the security program. But this strategy can backfire when it comes to real risk management and how seriously security is taken.

Next post in InfoSec Insider