Wednesday, October 28, 2009 at 09:23AM Where are policies most effective? In organizations that deliver them to their users by the pound or where the policies are simple and straightforward.
Wednesday, February 11, 2009 at 08:08AM In the following article from BBC news, Microsoft points to the economic downturn as a driver for an increase in internal threats to an organization's information.
Thursday, July 17, 2008 at 09:25AM Wired Magazine ran a great article in their blog section today on a recent case where a network administrator had set himself up as the top level administrator on their network and locked everyone else out.
Wired Magazine - San Francisco Held Cyber-Hostage
This article illustrates two key points that have been a common topic lately:
The combination of these two things makes things challenging for security management teams. It makes overcoming the 'That will never happen to us' perception difficult and makes driving internal security more important.
The key is to focus on point 1. Impact. From a risk manager's viewpoint, the trade off on reducing millions of dollars of risk in comparison to adding one or two IT salaries is a good decision. As IT and security managers, we need to continue to improve on our ability to profile risk in terms of impact and business dollars.
Tuesday, July 15, 2008 at 02:26PM A question was asked in my ISACA Internal Threats was are there any standards out there for an Information Security program. In this post I'll highlight a few of the common standards and how they apply.
Wednesday, June 25, 2008 at 08:28AM Verizon's Business Risk Team has released their 2008 Data Breach Investigations Report.In this post I will provide an overview of some of the things I found interesting and my analysis of what this information means for today's business. It is a lengthy paper, I've tried to pull out the most interesting points.