July 24th, 2008
Author: Dan Lohrmann, CISO, State of Michigan
Are more and more of your workers becoming mobile and accessing the Internet via portable devices? Well, security help has arrived. The National Institute of Standards (NIST) has released an excellent new publication entitled “Guidelines on Cell Phone and PDA Security (Draft).”
June 17th, 2008
Author: Dan Lohrmann, CISO, State of Michigan
World events are suddenly attracting more employees to telework. The headlines say it all: “Oil prices surge…” and “Gas over $4.00 a gallon…” These unprecedented gas prices now have telecommuting back on top of business agendas. Don’t panic (yet), security leaders, but you’d better dust off those mobile worker security plans.
June 17th, 2008
Author: Thomas Peltier, President, Thomas R. Peltier Associates, LLC
Gap analysis consists of defining the present state, the desired or ‘target’ state and hence the gap between them. In the later stages of problem solving, the aim is to look at ways to bridge the gap defined, and this may often be accomplished by backward-chaining logical sequences of actions or intermediate states from the desired state to the present state.
June 17th, 2008
Author: David A. Meunier, CISSP, HISP - President & CISO, Hauberk Consulting, LLC
This is the first part of a two-part article outlining the benefits of a well-constructed security/risk dashboard program to assist the security leader in communicating to executive management. In part one I will outline the concepts and structure, in addition to providing advice, tips and lessons learned. Part two will provide detail on constructing an initial security/risk dashboard, as well as a few other communication tools. Together, both articles will explore a strategy for developing an effective security dashboard program.
March 20th, 2008
Author: Michael J. Corby, CCP, PMP, CISSP
We learned (or maybe just heard about) Security being comprised of three main Components: Confidentiality, Integrity and Availability. Some argue that there is a fourth, Compliance, but we’ll leave that for another time. Yeah, the press latches on to the violations in confidentiality, and we hear endless stories of credit card, driver’s license, social security, health and criminal records being lost or stolen. The buzz around the confidentiality violations is constant and chronic.
March 20th, 2008
Author: J. Andrew Brinkhorst, CISM
In the best businesses, operations flow smoothly from area to area, function to function, with little or no wasted effort. Ideally, each function in the business works hand-in-hand with others, providing the smooth flow that predicates success. Today, information technology and processing is acknowledged as one of those key processes.
March 20th, 2008
Author: David A. Meunier, CISSP, HISP, VP Information Risk Management & CISO, MasterLink Corporation
“Information Risk Management is the Holistic process of institutionalizing the identification, analysis, evaluation, mitigation, monitoring and communication of risk to achieve compliance with corporate policy, regulatory requirements and processes in accordance with the CIA Triad of Confidentiality, Availability and Integrity of information.”
That statement accurately outlines the tremendous amount of effort required to achieve risk reduction and regulatory compliance. A key success factor relies on the security leader’s ability to reduce the potential information risk his or her business faces on a daily basis.
March 20th, 2008
Author: Dan Lohrmann, CISO, State of Michigan
The conventional wisdom is that government security culture at all levels suffers from a lack of training. But leaving the quality, timeliness and relevance of specific courses aside for a minute, is it possible that the real problem is too much training? Some say yes, but I doubt it.
March 20th, 2008
The Security Executive Council (SEC), an international membership organization for public- and private-sector security executives, and ASIS International, the preeminent society for security management professionals, have formed a partnership to provide leadership tools and solutions to benefit members of both organizations and the security industry. ASIS will offer the SEC’s innovative leadership materials—including books, presentations and research reports—in the ASIS bookstore.
February 20th, 2008
Author: Dan Lohrmann, CISO, State of Michigan
Should the Department of Defense (DoD) ban the personal use of their networks?