Blog Posts Tagged with "Enterprise Risk Management"


Manage Risk Before it Damages You - Part One

March 20, 2012 Added by:Neira Jones

Assuming we have managed to address the infosec gap, we’re left with ensuring the security of information assets and services. Because we are all governed by material pressures, it would be unrealistic that we should embark on all-encompassing programs to secure all assets...

Comments  (0)


On Effective Risk Handling

March 08, 2012 Added by:Michele Westergaard

An effective risk management process allows for decision making by management with the best likelihood of achieving the desired results. It is not meant to create a brick wall for management to operate within, but more of a recommended parameter within which to operate...

Comments  (0)


Cyber Insurance: Efficient Way to Manage Risk in the Cloud?

February 27, 2012 Added by:David Navetta

While customers may enjoy some short-term cost-benefits by going into the Cloud, they may be retaining more risk than they want - especially where Cloud providers refuse to accept that risk contractually. Cyber insurance may be a solution to help solve the problem...

Comments  (0)


A Checklist for a Move to the Cloud

February 26, 2012 Added by:Ben Kepes

There’s a flip side to technology democratization in that the high level of accessibility also means that it’s very easy for organizations to set themselves up as vendors – sometimes without the necessary level of professionalism that would be optimal...

Comments  (0)


Time for a Change in our Attitude Around Risk

February 05, 2012 Added by:Norman Marks

When is the last time you saw an audit report that said management had too many controls or was not taking sufficient risk? When did you last hear a risk officer urging planners to move into a new market more quickly? The same thing applies to information security personnel...

Comments  (2)


On Enterprise-Wide Risk Management

January 23, 2012 Added by:Michele Westergaard

Certain tasks can be defined via policy as needed but are really the small part of the role. An overarching role is to understand the key issues facing the organization, creatively challenge business processes by asking what can go wrong, then working to plug the potential holes...

Comments  (0)


Ten Steps to Protect Your Organization's Data

January 13, 2012 Added by:Danny Lieberman

Despite claims that protecting data assets is strategic to an enterprise, and IT governance talk about business alignment and adding value – my experience is that most organizations will not do anything until they’ve had a fraud or data security event...

Comments  (0)


How to Assess the Effectiveness of Internal Control

January 11, 2012 Added by:Norman Marks

“When a principle is deemed not to be present or functioning, an internal control deficiency exists. Management applies judgment in evaluating whether a deficiency prevents the entity from concluding that a component of internal control is present and functioning..."

Comments  (1)


Risk Management – More Than Just Risk Assessment

December 22, 2011 Added by:Thomas Fox

Risk management must be linked to the organization’s purpose and goals. Your company must be disciplined. It cannot simply develop a risk assessment and then not use it to look at risk generally. As important as systems are, they must be practical, and linked to what your company does...

Comments  (0)


Transparency in Cloud Services from the Security Perspective

December 16, 2011 Added by:Rafal Los

There is an operational perspective in terms of provider transparency. We are now starting to see cases where a SaaS service offering is built on top of a PaaS service, built using multiple IaaS services and that is enough to make anyone's head spin...

Comments  (0)


Webinar: How to Minimize the Risks of a Data Breach

October 21, 2011 Added by:Kanguru Solutions

Kanguru Solutions has teamed up with Cyber Data Risk Managers LLC to host a FREE webinar on cyber security and infosec entitled “How to Minimize the Risks of a Data Breach/Cyber Attack.” This free webinar will discuss data security, privacy and measures to take in the event of a data breach...

Comments  (0)


Security Trends: Which to Avoid and Which to Embrace

September 30, 2011 Added by:Ken Stasiak

With Enterprise Risk Management (ERM) comes a comprehensive risk assessment equation and process. Defining one process that can be used and incorporated into the entire organization will allow for conformity, efficiency, and effective alignment between departments...

Comments  (0)


Compliance Champions: People Solving Problems

September 20, 2011 Added by:Thomas Fox

One of the goals of such a Compliance Champion program is to train employees to be your first line of compliance people on the ground, both to respond to routine queries and to alert the Legal/Compliance Department if a problem needs to be escalated...

Comments  (0)


CIOs Should Earn More Money and Respect

July 22, 2011 Added by:Bill Gerneglia

A few years ago when a CIO’s responsibilities consisted of running the IT shop efficiently, it was difficult to make the case that they belonged in the top managerial tier or deserved a seat at the executive conference table. That was then. Today CIOs’ responsibilities have grown significantly...

Comments  (0)


Fostering Compliance Across Your Company

July 20, 2011 Added by:Thomas Fox

Without the support of top management, a compliance program is doomed to failure. This also means that the goals of compliance need to be incorporated into overall leadership goals. If goals are simply performance based, employees will understand that is what the company values...

Comments  (0)


The New CompTIA CASP Certification

July 01, 2011 Added by:Michael Gregg

The CompTIA Advanced Security Practitioner (CASP) is an advanced enterprise level cert for those with 10+ years IT experience and at least five years in security. While there are many entry-level certifications, CASP will be the enterprise-level advanced security certification...

Comments  (0)
