risk management

  • Why don't risk management programs work?

    Posted May 20, 2013 - 4:30 pm

    When the moderator of a panel discussion at the recent RSA conference asked the audience how many thought their risk management programs were successful, only a handful raised their hands. Why don't these programs work?
  • How CIOs are making security an enterprise necessity

    Posted December 3, 2012 - 5:12 pm

    Information security is often seen as more trouble and cost than it's worth. Until it fails. How can CIOs truly make it part of enterprise risk management?
  • The Amazon outage in perspective: Failure is inevitable, so manage risk

    Posted November 1, 2012 - 11:29 am

    The most recent Amazon Web Services outage left customers (and rival cloud providers) blaming Amazon. Instead, CIO.com columnist Bernard Golden says, everyone needs to accept that cloud computing is not immune to failure. Fortunately, a key advantage of the cloud -- cheap, easy redundancy -- will help mitigate the risk of an outage.
  • Why risk management fails in IT

    Posted October 16, 2012 - 4:23 pm

    It is frustrating to see the amount of budget allocated to compliance when you consider that most of the money goes to documenting security controls, not improving defenses. One of the biggest reasons is that risk management, a carry-over from the bigger world of business, does not work in IT security.
  • 5 things you need to know about risk management

    Posted October 13, 2012 - 9:17 pm

    Risk is everywhere and if you're just trying to minimize it within IT, you're taking an additional risk. Follow these tips and learn how to take an intelligent approach to risk management.
  • Forecast 2013: Setting a mobile risk management strategy

    Posted September 24, 2012 - 11:41 am

    If you're CIO at a large enterprise -- or a small one, for that matter -- chances are good that you're seeing a steady rise in the number of employees using smartphones and tablets at work.
  • Easy risk management can prevent costly errors (ask United Airlines)

    Posted September 6, 2012 - 4:07 pm

    United Airlines just can't win. Last week a data center hardware failure caused nine cancellations and 580 delays. Recently, too, the carrier's computer systems let members of its Mileage Plus frequent traveler program book reservations involving either a connection or a final destination in Hong Kong, for travel in the first-class cabin (where purchased tickets can go for more than $15,000), for as little as four--yes, four--miles roundtrip.
  • Owner's Manual: Risk management

    Posted July 5, 2012 - 2:54 pm

    Security pros offer advice for a successful risk management strategy.
  • Startup Allgress delivers heat maps that display cold risk management facts

    Posted June 26, 2012 - 9:49 am

    Startup Allgress made its debut Tuesday with software designed to give chief information security officers (CISOs) a view into the security and risk-compliance status of corporate networks and data resources.
  • Start-up Allgress delivers heat maps that display cold risk management facts

    Posted June 26, 2012 - 9:46 am

    Start-up Allgress made its debut Tuesday with software designed to give chief information security officers (CISOs) a view into the security and risk-compliance status of corporate networks and data resources.
  • Mobilisafe debuts with mobile risk-management software

    Posted June 4, 2012 - 2:52 pm

    Start-up Mobilisafe makes its debut Monday with a product intended to help IT managers monitor for risks associated with both employee-owned and corporate-issued mobile devices.
  • Patch management still big stumbling block in risk management, survey shows

    Posted May 29, 2012 - 2:45 pm

    Everyone talks about "risk and compliance" in security, but what do companies have to do to make it through audits and meet regulations related to information security? And what are the costs?
  • Symantec record: Two major hacks, two major delays admitting fault, risk to customers

    Posted January 26, 2012 - 3:16 pm

    If your company were hacked in a way that could directly hurt customers, would you announce the worst-case scenario so they could prep while you develop a solution? Or dribble out the news slowly? Symantec dribbled, first with SSL tokens, then source code, leaving customers at risk.
  • What are your risk managers thinking about?

    Posted November 30, 2011 - 5:34 pm

    Security looks at operational risk, but most big companies have officers called risk managers who actually buy insurance policies for the company. What's on their minds? If you run a security operation, you should know, because your work and their work are intertwined.
  • 3 security acronyms to avoid (and 3 to embrace)

    Posted October 13, 2011 - 8:02 am

    Today's security trends are the usual acronym soup. Here are 3 you'd do well to avoid and 3 worth your attention.
  • Hacks make Internet look lawless, but security just hasn't caught up to spear-phishers yet

    Posted June 3, 2011 - 12:09 pm

    Data breaches shake confidence in the cloud, blaming it for security gaps between new technology, old security policies and a human tendency toward trust. Fix that and you're golden.
  • Checklist for a successful security assessment

    Posted June 2, 2011 - 11:12 am

    A security assessment is a request to analyze the risk of an IT solution. The request is initiated by a CISO (Chief Information Security Officer) or ISO (Information Security Officer) within a corporation. It is used to make sure that security concerns are met before changes are made to the information technology infrastructure. There are foundation plans, which evaluate the state of new applications or infrastructure, and incremental plans, which address changes to the foundation plan.
  • Skype is one more example of why to trust the cloud but wear a parachute

    Posted May 27, 2011 - 10:40 am

    Skype's outage is apparently due to corruption in client-side files -- much different from the cause of outages at Amazon and Azure. The reason doesn't matter; the contingency plan does.
  • Amazon crash reveals 'cloud' computing actually based on data centers

    Posted April 22, 2011 - 3:24 pm

    Hype makes it easy to forget the cloud requires the same skills and includes the same risks as n-tier applications and data-center computing anywhere.
  • Risk management in cloud computing

    Posted April 15, 2011 - 9:50 am

    The rewards of cloud computing can be tremendous if the risks are well managed. E-Com Canada's Sri Prakash discusses how best to manage the risk when planning to move assets to the cloud.
  • SAP takes on IBM, Oracle with new GRC suite

    Posted March 23, 2011 - 9:16 am

    SAP is hoping to cement its foothold in the growing market for GRC (governance, risk and compliance) software with a new suite, announced Wednesday, that is nearly three years in the making.
  • Watch out CISOs and CSOs: Chief Risk Officers may be gaining on you

    Posted March 10, 2011 - 1:13 pm

    CSOs and CISOs may feel more pressure from a new breed of security professional - the chief information risk officer - now that the federal government has made risk management mandatory and spelled out in a new document just how risk ought to be assessed and dealt with.
  • Dos and don'ts for IT GRC success

    Posted March 7, 2011 - 9:47 pm

    DO agree on an IT-GRC implementation strategy. Moving disjointed, manual processes into an automated, centralized tool is an enormous undertaking. While a giant boa constrictor can unhinge its jaw and swallow a large mammal whole, that strategy is not advisable for your enterprise.
  • IT GRC tools: Control your environment

    Posted March 7, 2011 - 9:45 pm

    As enterprises approach a high level of maturity in their IT governance, risk and compliance (GRC) programs, they face a conundrum: How can they effectively implement and manage policies and their supporting controls to maintain a strong risk posture? To add to the difficulty, the environments they manage are often widely distributed and subject to multiple regulatory requirements and internal audit requirements, and must adapt to changing business needs. GRC tools are designed to help.
  • eGRC vs. IT GRC

    Posted March 7, 2011 - 9:43 pm

    Most analysts break the market down into two broad categories: IT GRC and Enterprise GRC (eGRC). The vendors generally don't make it any easier for potential enterprise customers, as the IT GRC players often claim they do eGRC, and all the eGRC vendors say they encompass IT as well.