Blog Posts Tagged with "Governance"


Shadow IT: The Invisible Network

November 14, 2017 Added by: Chris Jordan

Shadow IT is the term most related to the risk associated with the threat that application awareness addresses.


GRC: Going Beyond the Acronym

March 10, 2017 Added by: Corey Wilburn

An effective GRC discipline requires a company-wide buy-in. The easier you make it for your colleagues, the easier you make it for yourself.


Five Questions Boards of Directors Need to Ask About Cloud Governance

May 01, 2013 Added by: InfosecIsland News

ISACA has issued new guidance outlining key questions for boards of directors to ask to ensure their enterprise’s cloud initiative is in line with business objectives and the organization’s risk tolerance.


The "Compliance Society"

July 23, 2012 Added by: Bob Radvanovsky

I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...


Two-Thirds of Management Don’t Know Where Their Data Is

June 25, 2012 Added by: Headlines

“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wakeup call for organizations..."


Companies Focus on Growth But Lag Behind Threats

June 20, 2012 Added by: Bob Radvanovsky

Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements that they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...


Congressional Witnesses Agree: Multistakeholders Right for Internet Regulation

June 15, 2012 Added by: Electronic Frontier Foundation

The threat posed by the International Telecommunication Union (ITU) is not limited to an outright "takeover" by Russia or China. ITU's vision of Internet policy-making is more like "taking control" than the transparent and bottom-up multi-stakeholder process typically associated with Internet governance...


Lies We Tell Ourselves: 5 Misconceptions Infosec Needs to Change

June 10, 2012 Added by: Rafal Los

Good security practices and principles can save your organization money in a real, measurable way, and it can contribute to making more money by getting to market faster, having more clients... so stop thinking of security as a cost center and start thinking of ways to help the business top or bottom lines...


CyLab: Utilities Rank Worst in Governance and Security

May 23, 2012 Added by: Headlines

“Of the... respondents, the energy/utilities sector had the poorest governance practices. When asked whether their organizations were undertaking six best practices for cyber governance, the... sector ranked last for four of the practices and next to last for the other two..."


Keeping Security Relevant: From Control to Governance in the Cloud

May 11, 2012 Added by: Rafal Los

When someone mentions public cloud, you quickly see the polarizing effects the topic has, generating a very negative reaction to the idea of putting anything corporate in the public cloud. What does that mean for the future of corporate information security and risk management?


Five Conversations that will Shape Your Cloud Security Model

May 03, 2012 Added by: Rafal Los

We need to move away from the control model into a governance model and acknowledge we're not going to have control over all of our risk. Any notion that you have control is a delusion. Assuming that if you control the environment you have better security is a fallacy...


Manage Risk Before it Damages You - Part One

March 20, 2012 Added by: Neira Jones

Assuming we have managed to address the infosec gap, we’re left with ensuring the security of information assets and services. Because we are all governed by material pressures, it would be unrealistic that we should embark on all encompassing programs to secure all assets...


Does DoE Know the Difference Between IT and Control Systems?

March 20, 2012 Added by: Joe Weiss

In September 2011 DOE issued the first draft of the Electricity SubSector Cybersecurity Risk Management Process document for comments. The document essentially equated IT and ICS. Doesn't DOE understand the difference between IT and Control Systems?


Security Depends on IT Maturity

March 18, 2012 Added by: Robb Reck

Signs of an organization’s security fitness in metrics like patch levels, web application vulnerabilities, and firewall configurations. But in order to see the real state of our security programs, we need to include measures that capture the state of IT governance overall...


NIST Steering Group to Support Trusted Identities in Cyberspace

March 15, 2012 Added by: Infosec Island Admin

"The committee will guide creation of an ‘Identity Ecosystem’ in which businesses and individuals can have more confidence in the security and privacy of their online transactions. The committee will also be responsible for identifying resources that will support the effort..."


CyLab Report: Corporate Boards Neglecting Cyber Security

March 13, 2012 Added by: Headlines

"Less than two-thirds of the Forbes Global 2000 companies surveyed have full-time personnel in key roles responsible for privacy and security in a manner that is consistent with internationally accepted best practices and standards..."
