SEARCH RESULTS
 
Showing 1-10 of 37 records
 
Hansei and the CISO

2008-09-16 17:47:47 by Alex in RiskAnalys.is
...CISO-level taxonomy about what we have to reflect on. The need to reflect is driven by something Jack told me long ago: "The amount of risk we have is a function of the decisions we made and our ability to execute on them from some point in the past." As an aside: So Sarah, if you're reading, this quote does much to explain why I said I disagree...
 
 
 
 
 
On trial - role of the CISO

2008-04-26 16:32:46 by Stuart King in Stuart King's Security and Risk Management Blog
 
...CISO working for an overbearing CIO. There was a serious point to the exercise though - those barristers were playing for real and the legal terminology was all correct. The sentences handed out to the CIO and CEO, who were found guilty under section 450 of the companies act of destroying documents, reflected what would have happened in real...
 
 
 
 
 
House committee issues report and finds fault with TSA web site

2008-01-15 09:35:53 by Evan Francen in The Breach Blog
...CISO) granted the website a 12-month Authority to Operate in September 2006. The CISO did not detect a number of glaring security problems affecting the website when it went live on October 6, 2006. [Evan] The TSA CISO is Patti Titus. I don't know how these security issues could have been missed. The security vulnerabilities of the website...
 
 
 
 
 
Is an incorrectly implemented security program better than a non-existent one?

2008-09-03 16:02:00 by Random InfoSec Guy in Security Coin
...CISO to make sure their physical and logical controls are in place, network and applications are secured appropriately and their incident management and forensics capabilities are up to date. At this point the CISO clearly knows that he needs to create and implement a number of programs and hires a bunch of people to perform and manage a...
 
 
 
 
 
Myrcurial gets placed in the Leaders Quadrant - Gartner Days 1&2

2008-06-03 14:23:04 by Myrcurial in Liquidmatrix Security Digest
...CISO - Rated: Mediocre to Good Exhibition Floor - Rated: Good Food - Rated: Hotel Std. Bring Pepto Product Highlight - Alcatel-Lucent OmniAccess 3500 Nonstop Laptop Guardian It's a way to lojack your laptops - a device that stores your crypto keys, 2nd factor auth token, acts as your 3G WWAN, GPS enabled, has an on-board Linux which acts as...
 
 
 
 
 
Needed: Agency CSOs

2008-06-26 12:49:33 by rybolov in The Guerilla CISO
 
...CISO whose primary responsibility is information security. But typically these CISOs do not have any authority over physical security or personnel security: in reality, they work for the CIO and only have scope over what the CIO manages: data centers, networks, servers, desktops, applications, and databases. Except for one thing: we're giving...
 
 
 
 
 
Physicians and medics

2008-05-26 20:12:12 by JonesJ in RiskAnalys.is
 
...CISO. Would have saved me significant pain and suffering. On the other hand, if I'd had Mike's P-CSO I might have become complacent and ended up believing that's all there was to being a CISO. Not that I think Mike is advocating complacency, he's not. I also don't think he discounts risk analysis concepts. He's simply focused on helping that...
 
 
 
 
 
Hansei-Kaizen & Risk Management Practices

2008-08-25 15:13:10 by Alex in RiskAnalys.is
...CISO-type job at a Fortune 20 this week and they are focused on a not dissimilar business management philosophy, I thought I'd write a little about the subject. Hansei-Kaizen is the process of relentless reflection (Hansei) and continuous improvement (Kaizen). It might be thought of as part of the Deming Plan, Do, Check, Act cycle. In fact,...
 
 
 
 
 
Links for 2008-09-11 [del.icio.us]

2008-09-12 00:00:00 by Editor in Anton Chuvakin Blog
 
...CISO needs an MBA Yet more evidence: your CISO needs an MBA The Velocity 2008 Conference Experience - Part III - Web Admin Blog Logging should be actionable - concise, express symptoms. Anything logged is something fixable. It should be giving you less downtime - shorter time to resolution. Logging takes resources, so make it worth it. Filter...
 
 
 
 
 
RSA 2007 Review

2007-02-22 17:06:10 by Editor in Endpoint Security: Translating Policy Into Reality
 
Whether you made it to or missed RSA 2007 earlier this month, this write-up by CISO Handbook Authors Mike Gentile & Ron Collette is a great snapshot of the event.