Author: Dan Lohrmann, CISO, State of Michigan

Should the Department of Defense (DoD) ban the personal use of their networks? (more…)

Author: Thomas Peltier, President, Thomas R. Peltier Associates, LLC

Not every application, business process and/or system needs to have a formal risk assessment process or a business impact analysis conducted for them. What is needed is an enterprise-wide formal methodology that allows for a “pre-screening” of applications and systems to determine needs. By using the processes learned in qualitative risk assessment your organization will be able to develop a quick pre-screening methodology that could save time and money. (more…)

Authors: Mike Gentile, Editor, CISOHandbook.com & Ron Collette, Editor, CISOHandbook.com

If we were to tell you that most security programs, in the typical organization, are struggling to define and obtain security success we are sure that you would not be terribly surprised. It is our belief that the primary reason in which our discipline, and specifically most organizational security efforts, are having difficulties is that they do not enlist the rest of the organization to assist with their efforts. (more…)