SEARCH RESULTS
 
Showing 1-10 of 15 records
 

One Man's Frustrations With Risk Management

2008-09-23 18:05:20 by Alex in RiskAnalys.is
 
...Risk Management And in short, it's everything. It pretty much sums up why I had to grow to re-evaluate how our industry does risk, risk management, approaches controls & vulnerability and find a new way. A couple of things jump out at me in reading Chris' article 1.) Just because that Deming cycle sucks and is full of unknowns doesn't mean risk...
 
 
 
 
 

Potpurri: Ponemon, Payment Professionals, Perimeters, & Pete Lindstrom

2009-02-04 18:24:15 by Alex in RiskAnalys.is
 
...risk managers need visibility into (Loss Magnitude, Threat, Controls, & Assets) - professional associations can really add value in that there are informative similarities that can be shared when professionals are able to really establish trust relationships. Let me encourage those of you with PCI concerns to look into The Society of Payment...
 
 
 
 
 

And the results are in... The Forrester Enterprise GRC Platform Wave 2009

2009-07-02 18:20:59 by Chris McClean in The Forrester Blog For Security & Risk Professionals
...Risk, And Compliance Platforms, Q3 2009 The evaluation speaks for itself. Forrester goes through great pains to assure a fair, detailed process that looks into the strengths and weaknesses customers care about most and this Wave is no exception. But considering the amount of time and effort we spent putting this report together, I wanted to...
 
 
 
 
 

A BRIEF ARGUMENT FOR PCI DSS (OR ALEX'S 5S'S FOR LEAN INFORMATION SECURITY MANAGEMENT)

2009-01-27 13:56:44 by Alex in RiskAnalys.is
 
...Risk to Organizational Risk Tolerance Create operational efficiencies Regular readers will note that #1 there used to be Reduce Risk but there's such a thing as too much risk reduction, so Jack's updating it. I like the update, it sounds more like aligning security to business objectives-y Now when most people think about PCI, they think about...
 
 
 
 
 

Granted, the regulatory environment is changing. How will this affect us?

2009-06-26 08:31:40 by Chris McClean in The Forrester Blog For Security & Risk Professionals
...risk and compliance professionals are waiting with nervous anticipation New legislation continues to pass at a fast clip in the US under the new administration, however we have only seen pieces of what we can expect will be significant changes to the regulatory controls mandated for many aspects of corporate operations Some of the most...
 
 
 
 
 

Appropriate funding

2008-05-13 12:24:49 by JonesJ in RiskAnalys.is
 
...risk, but I'll return to part two of that series next week One of the arguments I've heard folks use to dismiss the notion of a risk-based approach to security is that it's been tried and failed. The argument goes on to claim that it isn't possible to get appropriate funding for security because management just doesn't get it. And, while I agree...
 
 
 
 
 

The 100th post: Philosophy feeding action

2009-03-30 19:02:00 by Russ McRee in HolisticInfoSec.org
 
...risk. These are entirely viable perspectives, but the practice of threat modeling your infrastructure must precede these considerations To that end, the IT Infrastructure Threat Modeling Guide is designed to help IT professionals accomplish the following Identify threats that could affect their organizations IT infrastructures Discover and...
 
 
 
 
 

What can CISOs learn from the Societe Generale debacle

2008-02-19 09:17:17 by Khalid Kark in Security & Risk Management
 
...risk by informing users of their responsibilities to follow policies and to report suspicious activity. Sadly, this is one area that many organizations ignore. I would be very surprised if there weren't tell-tale signs of suspicious activity during this episode that a properly trained employee would have been able to spot Consistent monitoring...
 
 
 
 
 

Is security really a business enabler?

2008-05-01 08:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...risk. That is not the same thing: it's cost, expense, and time and we only do it because we have to. What was interesting was the vociferous counter-argument, especially from those present from the financial services industry who made the point that many of their services would not be publicly acceptable nor acceptable to their regulators...