Archive for June, 2007

Are Good Security and Compliance Interchangeable Goals?

Wednesday, June 13th, 2007

Author: Michael J. Corby, PMP, CCP, CISSP, Consulting Director, M Corby & Associates, Inc.

Good security is a good thing. Meeting compliance expectations is also a good thing. Does that mean that establishing good security and meeting compliance requirements are essentially the same?

SecureWorld+ / Risk Bloggers: Ten Ascendant Trends for the Next Chapter of Information Security

Wednesday, June 13th, 2007

Author: Jim Reavis, President, Reavis Consulting Group; Editor, Risk Bloggers: Security Wisdom Ahead of the Curve www.riskbloggers.com

The people who own corporate information security programs have spent the last few years playing a game of regulatory catch-up, while for the most part spinning their wheels when it comes to implementing new and actually useful concepts to mitigate evolving threats and justifying their existence.

Frequently Asked Questions on Risk Management

Wednesday, June 13th, 2007

Author: Thomas R. Peltier, President, Thomas R. Peltier Associates, LLC

Risk management is a process that lets management balance meeting business objectives or missions against the need to cost-effectively protect the assets of the organization. In this period of increased external scrutiny due to myriad recent legislative requirements, risk management gives management the ability to actively demonstrate due diligence and show how they are meeting their fiduciary duty.

Payment Card Industry: Who Told You to Not Check My ID?

Wednesday, June 13th, 2007

Authors: Mike Gentile, CISSP, Co-Founder, CISOHandbook.com/Traxx Consulting Services; Ron Collette, CISSP, Co-Founder, CISOHandbook.com/Traxx Consulting Services; Justin Seely, Writer, CISOHandbook.com

For many organizations that process credit card transactions, compliance with the standards set forth by the Payment Card Industry (PCI) has been a large component of their security program project agenda. Thousands of security professionals are scurrying to implement the list of required controls, which, to the credit of the authors of the standard, are fairly well defined and clear.

The Need for Security Testing

Wednesday, June 13th, 2007

Author: Justin Peltier, Senior Security Consultant, Peltier Associates

It may be tempting to write off the possibility of cyber attack, claiming your business is not important enough to be targeted, or that you have nothing to lose by an attack. Yet every day there are reports of costly, security-related incidents that could be prevented by a simple review of network security.