Don’t Forget the “Availability” Component

March 20th, 2008

Author: Michael J. Corby, CCP, PMP, CISSP

We learned (or maybe just heard about) that security is comprised of three main components: Confidentiality, Integrity and Availability. Some argue that there is a fourth, Compliance, but we’ll leave that for another time. Yeah, the press latches on to the violations in confidentiality and we hear endless stories of credit card, driver’s license, social security, health and criminal records being lost or stolen. The buzz around the confidentiality violations is constant and chronic.

Achieving Synchronicity Between Business Risks and Your Security Program

March 20th, 2008

Author: J. Andrew Brinkhorst, CISM

In the best businesses, operations flow smoothly from area to area, function to function, with little or no wasted effort. Ideally, each function in the business works hand-in-hand with others, providing the smooth flow that predicates success. Today, information technology and processing is acknowledged as one of those key processes.

Information Risk Management

March 20th, 2008

Author: David A. Meunier, CISSP, HISP, VP Information Risk Management & CISO, MasterLink Corporation

“Information Risk Management is the holistic process of institutionalizing the identification, analysis, evaluation, mitigation, monitoring and communication of risk to achieve compliance with corporate policy, regulatory requirements and processes in accordance with the CIA Triad of Confidentiality, Availability and Integrity of information.”

That statement accurately outlines the tremendous amount of effort required to achieve risk reduction and regulatory compliance. A key success factor relies on the security leader’s ability to reduce the potential information risk his or her business faces on a daily basis.

Too Much Government Training?

March 20th, 2008

Author: Dan Lohrmann, CISO, State of Michigan

The conventional wisdom is that government security culture at all levels suffers from a lack of training. But leaving the quality, timeliness and relevance of specific courses aside for a minute, is it possible that the real problem is too much training? Some say yes, but I doubt it.

Security Executive Council Partners with ASIS International

March 20th, 2008

The Security Executive Council (SEC), an international membership organization for public- and private-sector security executives, and ASIS International, the preeminent society for security management professionals, have formed a partnership to provide leadership tools and solutions to benefit members of both organizations and the security industry. ASIS will offer the SEC’s innovative leadership materials—including books, presentations and research reports—in the ASIS bookstore.

To Ban or Not To Ban?

February 20th, 2008

Author: Dan Lohrmann, CISO, State of Michigan

Should the Department of Defense (DoD) ban the personal use of their networks?

Develop Your Own Pre-Screening Methodology

February 20th, 2008

Author: Thomas Peltier, President, Thomas R. Peltier Associates, LLC

Not every application, business process and/or system needs to have a formal risk assessment process or a business impact analysis conducted for them. What is needed is an enterprise-wide formal methodology that allows for a “pre-screening” of applications and systems to determine needs. By using the processes learned in qualitative risk assessment your organization will be able to develop a quick pre-screening methodology that could save time and money.

Five Tips for Getting the Word Out About Your Security Program

February 20th, 2008

Authors: Mike Gentile, Editor, CISOHandbook.com & Ron Collette, Editor, CISOHandbook.com

If we were to tell you that most security programs, in the typical organization, are struggling to define and obtain security success, we are sure that you would not be terribly surprised. It is our belief that the primary reason our discipline, and specifically most organizational security efforts, are having difficulties is that they do not enlist the rest of the organization to assist with their efforts.

2008 Security Predictions

January 9th, 2008

Author: Dan Lohrmann, CISO, State of Michigan

Security predictions for 2008 are rolling in. Here’s a summary of what’s being said in cyberspace as well as a few of my own thoughts on 2008.

Some Wishes for 2008

January 9th, 2008

Author: Jim Reavis, President, Reavis Consulting Group; Editor, Risk Bloggers www.riskbloggers.com

Read Jim Reavis’ spin on some security topics and possible headlines for 2008.

I would like to wish all security practitioners a happy holiday season and my hopes for a prosperous new year. Let me share some random wishes I have for headlines I would like to see in the coming year:

- That the Russian Business Network will find fewer safe places to operate on the Internet and that supporting governments will see some negative consequences for their complicity.