Blog Posts Tagged with "Governance"

Shadow IT: The Invisible Network

November 14, 2017 Added by: Chris Jordan

Shadow IT is the term most related to the risk associated with the threat that application awareness addresses.

Comments  (0)

GRC: Going Beyond the Acronym

March 10, 2017 Added by: Corey Wilburn

An effective GRC discipline requires a company-wide buy-in. The easier you make it for your colleagues, the easier you make it for yourself.

Comments  (0)

Five Questions Boards of Directors Need to Ask About Cloud Governance

May 01, 2013 Added by: InfosecIsland News

ISACA has issued new guidance outlining key questions for boards of directors to ask to ensure their enterprise’s cloud initiative is in line with business objectives and the organization’s risk tolerance.

Comments  (1)

The "Compliance Society"

July 23, 2012 Added by: Bob Radvanovsky

I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...

Comments  (5)

Two-Thirds of Management Don’t Know Where Their Data Is

June 25, 2012 Added by: Headlines

“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wakeup call for organizations..."

Comments  (1)

Companies Focus on Growth But Lag Behind Threats

June 20, 2012 Added by: Bob Radvanovsky

Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements that they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...

Comments  (0)

Congressional Witnesses Agree: Multistakeholders Right for Internet Regulation

June 15, 2012 Added by: Electronic Frontier Foundation

The threat posed by the International Telecommunication Union (ITU) is not limited to an outright "takeover" by Russia or China. ITU's vision of Internet policy-making is more like "taking control" than the transparent and bottom-up multi-stakeholder process typically associated with Internet governance...

Comments  (0)

Lies We Tell Ourselves: 5 Misconceptions Infosec Needs to Change

June 10, 2012 Added by: Rafal Los

Good security practices and principles can save your organization money in a real, measurable way, and it can contribute to making more money by getting to market faster, having more clients... so stop thinking of security as a cost center and start thinking of ways to help the business top or bottom lines...

Comments  (0)

CyLab: Utilities Rank Worst in Governance and Security

May 23, 2012 Added by: Headlines

“Of the... respondents, the energy/utilities sector had the poorest governance practices. When asked whether their organizations were undertaking six best practices for cyber governance, the... sector ranked last for four of the practices and next to last for the other two..."

Comments  (0)

Keeping Security Relevant: From Control to Governance in the Cloud

May 11, 2012 Added by: Rafal Los

When someone mentions public cloud, you quickly see the polarizing effects the topic has, generating a very negative reaction to the idea of putting anything corporate in the public cloud. What does that mean for the future of corporate information security and risk management?

Comments  (0)

Five Conversations that will Shape Your Cloud Security Model

May 03, 2012 Added by: Rafal Los

We need to move away from the control model into a governance model and acknowledge we're not going to have control over all of our risk. Any notion that you have control is a delusion. Assuming that if you control the environment you have better security is a fallacy...

Comments  (0)

Manage Risk Before it Damages You - Part One

March 20, 2012 Added by: Neira Jones

Assuming we have managed to address the infosec gap, we’re left with ensuring the security of information assets and services. Because we are all governed by material pressures, it would be unrealistic that we should embark on all encompassing programs to secure all assets...

Comments  (0)

Does DoE Know the Difference Between IT and Control Systems?

March 20, 2012 Added by: Joe Weiss

In September 2011 DOE issued the first draft of the Electricity SubSector Cybersecurity Risk Management Process document for comments. The document essentially equated IT and ICS. Doesn't DOE understand the difference between IT and Control Systems?

Comments  (0)

Security Depends on IT Maturity

March 18, 2012 Added by: Robb Reck

Signs of an organization’s security fitness in metrics like patch levels, web application vulnerabilities, and firewall configurations. But in order to see the real state of our security programs, we need to include measures that capture the state of IT governance overall...

Comments  (3)

NIST Steering Group to Support Trusted Identities in Cyberspace

March 15, 2012 Added by: Infosec Island Admin

"The committee will guide creation of an ‘Identity Ecosystem’ in which businesses and individuals can have more confidence in the security and privacy of their online transactions. The committee will also be responsible for identifying resources that will support the effort..."

Comments  (0)

CyLab Report: Corporate Boards Neglecting Cyber Security

March 13, 2012 Added by: Headlines

"Less than two-thirds of the Forbes Global 2000 companies surveyed have full-time personnel in key roles responsible for privacy and security in a manner that is consistent with internationally accepted best practices and standards..."

Comments  (0)
