Practical Compliance provides solutions for IT governance, risk management and compliance.

Compliance, Audit, Governance, Information Security and Technology Management Discussions

Wednesday, 28 Oct 2009

Policies not effective? Maybe less is more.

Where are policies most effective? In organizations that deliver them to their users by the pound, or where the policies are simple and straightforward?

Wednesday, 11 Feb 2009

Microsoft Predicts Increasing 'Malicious Insider Attacks'

In the following article from BBC news, Microsoft points to the economic downturn as a driver for an increase in internal threats to an organization's information.

Thursday, 17 Jul 2008

More Insider Threat Info - San Francisco Held Cyber-Hostage

Wired Magazine ran a great article in their blog section today on a recent case where a network administrator had set himself up as the top-level administrator on the network and locked everyone else out.

Wired Magazine - San Francisco Held Cyber-Hostage

This article illustrates two key points that have been a common topic lately:

  • The first is that the impact of an insider threat can be extremely high
  • The second is that insider events are less frequent

The combination of these two points makes life challenging for security management teams. It makes overcoming the 'That will never happen to us' perception difficult and makes driving internal security more important.

The key is to focus on point 1: impact. From a risk manager's viewpoint, reducing millions of dollars of risk in exchange for adding one or two IT salaries is a good trade-off. As IT and security managers, we need to continue to improve our ability to profile risk in terms of impact and business dollars.

Tuesday, 15 Jul 2008

Information Security Standards in Brief

A question asked in my ISACA Internal Threats was: are there any standards out there for an Information Security program? In this post I'll highlight a few of the common standards and how they apply.

Wednesday, 25 Jun 2008

Are We Over Estimating Internal Threats - Analysis of Verizon Data Breach Report

Verizon's Business Risk Team has released their 2008 Data Breach Investigations Report. In this post I will provide an overview of some of the things I found interesting and my analysis of what this information means for today's business. It is a lengthy paper; I've tried to pull out the most interesting points.
