SEARCH RESULTS
 
Showing 1-10 of 605 records
 
Expand article

Moving Towards A Mature Security Organization Using A Measured Approach to Risk Management

2008-12-22 18:09:29 by Alex in RiskAnalys.is
 
...organizations representative contributed to the discussion with much the same condescension as their CISO. So imagine my surprise when it became knowledge that this wonderful metrics program apparently was built on the foundation of vulnerability scanner results, and not even a useful interpretation or translation of those results, just the...
 
Tags: mature, management, mature irm programs, irm, irm theory, irm program quality, irm managers, information risk management, risk
 
 
 
 
Expand article

Poll: Who looks at logs in your organization?

2007-12-19 12:51:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
Here is my next poll about logs : Who looks at logs at your organization Vote here Also, my past polls and analysis are here About me: http://www.chuvakin.org
 
Tags: logs, poll, past polls, organization, org, vote, analysis, chuvakin
 
 
 
 
Expand article

The wrong kind of empowerment reduces security and puts the organization at risk

2008-01-28 01:35:20 by Scott in Scott Wright's Security Views
 
Two really good examples of why you should not ingnore insider threats popped up this week in Florida (click HERE) and in France (click HERE). When an employee feels threatened by the organization or their management, you have to expect that they will at least consider using whatever leverage they have at their disposal. So, its
 
Tags: ingnore insider threats, click, employee feels, organization, week, france, florida, disposal, leverage
 
 
 
 
Expand article

Another Old Presentation: What Every Organization Must Log and Monitor

2008-05-15 15:11:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
Finally, I decide to "liberate" this presentation as well: "What Every Organization Must Log and Monitor" circa 2004 This is still very useful and relevant; also, many people will appreciate my attempt to do the impossible i.e. give a simple answer to a very complex question (BTW, it rarely works So View | Upload your own About me:...
 
Tags: monitor, log, organization, presentation, simple answer, complex question, circa, rarely, relevant
 
 
 
 
Expand article

Oldham Primary Care Trust NHS loses two data sticks

The Article has images
2008-01-11 17:15:40 by Evan Francen in The Breach Blog
...Organization Oldham Primary Care Trust NHS (PCT Contractor/Consultant/Branch None Victims PCT "clients Number Affected 148 Types of Data The information lost related to copies of assessments about future healthcare needs held in a secure central file. It included peoples names, addresses and dates of birth I'm not sure if this means that...
 
Tags: information, information lost, personal information, financial information, medical information, information security, data, freephone information line, data sticks
 
 
 
 
Expand article

Is Risk Management a People Problem?

2008-03-10 15:45:47 by Alex in RiskAnalys.is
 
...organizations can become more effective. Weve been thinking very hard about metrics and measurement and governance and compliance and assurance and so on and so forth. And one thing hit me funny today within that context, its the mention of the axiom Security is a People Problem In his article, What can CISOs learn from the Societe Generale...
 
Tags: risk management, risk, people, risk management issue, impacts people, security, security technology, risk tolerance, people lessons
 
 
 
 
Expand article

The opt-out from hell

2008-09-16 19:22:03 by Steve Riley in Steve Riley on Security
 
...Organization-PRD: pp.techtargetmail.com Received-SPF: Pass (SVC-EXGWY-E801.partners.extranet.microsoft.com: domain of Avaya@pp.techtargetmail.com designates 65.211.80.227 as permitted sender receiver=SVC-EXGWY-E801.partners.extranet.microsoft.com client-ip=65.211.80.227; helo=mail139-wa4-R.bigfish.com X-MS-Exchange-Organization-PCL: 2...
 
Tags: smtp server, server, smtp, x-spam-tcs-scl, spam, future avaya spam, email, microsoft smtp server, avaya
 
 
 
 
Expand article

Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security
 
...organization's security architecture, creates policies and procedures, and ultimately takes responsibility for stewarding the integrity of the organization's information assets. The security alignment group spends time understanding the needs and drivers of the various business units, and advocates the business units' positions in meetings...
 
Tags: information, information assets, information security, alignment folk, security alignment folk, information security department, alignment, security department, security
 
 
 
 
Expand article

What can CISOs learn from the Societe Generale debacle

2008-02-19 09:17:17 by Khalid Kark in Security & Risk Management
 
...organization to ensure that it is implemented and gives the organization a false sense of security Everyone is not after the money. One perpetuating myth about hackers is that they are all after financial gain. This may or may not be true. In Societe Generales case French prosecutors announced that they'll pursue four charges, including...
 
Tags: security, formal security strategy, societe generale, security technology, external security challenges, implement security, access, security products, access users