risk management

Security looks at operational risk, but most big companies have officers called risk managers who actually buy insurance policies for the company. What's on their minds? If you run a security operation, you should know, because your work and their work are intertwined.

Data breaches shake confidence in the cloud, blaming it for security gaps between new technology, old security policies and a human tendency toward trust. Fix that and you're golden.

Skype's outage is apparently due to corruption in client-side files -- much different from the cause of outages at Amazon and Azure. The reason doesn't matter; the contingency plan does.

The rewards of cloud computing can be tremendous if the risks are well managed. E-Com Canada's Sri Prakash discusses how best to manage the risk when planning to move assets to the cloud.

CSOs and CISOs may feel more pressure from a new breed of security professional - the chief information risk officer - now that the federal government has made risk management mandatory and spelled out in a new document just how risk ought to be assessed and dealt with.

As enterprises approach a high level of maturity in their IT governance, risk and compliance (GRC) programs, they face a conundrum: How can they effectively implement and manage policies and their supporting controls to maintain a strong risk posture? To add to the difficulty, the environments they manage are often widely distributed and subject to multiple regulatory requirements and internal audit requirements, and must adapt to changing business needs. GRC tools are designed to help.

Although most speak about increased attention to enterprise risk management (ERM) at Board levels, few firms appear to have the organizational prowess and human fortitude to put in place the policies, technologies, and processes to prove out the promise of ERM.

You've probably heard the phrase, "Failure is the key to success." But are security professionals really learning from their mistakes? As identity theft and online risks keep growing, is our industry rising to the challenge or repeating the miscues of the past? While security technology is improving, the bad guys also have access to better tools. So are the good guys working smarter?

Aiming to expand its business analytics capabilities to support compliance and risk management processes, IBM today announced it is purchasing Waltham, MA-based software vendor OpenPages. Terms of the deal for the privately held company were not disclosed. Naturally, the acquisition is contingent upon regulatory approval.

When Bill Badertscher arrived at Georgetown University three years ago, campuswide security was handled in several departments with little coordination among teams. It was time for a change. Badertscher is Georgetown's senior engineer for facility and safety control systems and leader of a new IT team that focuses on the same areas. The goal is to address enterprise risk management (ERM) by redefining it to include nontraditional systems. Understanding that security is mission-critical has led the University Safety and Information Services departments to work together in unprecedented ways.

What does the term 'corporate security' really mean? And how important is it to a company's health? George Campbell explains.

As the first Information Security Manager at a fairly large financial institution, I lived by trial and error for a while. Admittedly, I made mistakes along the way, but the good thing is I learned from them and most of the time put what I learned to use.