While skimming the July issue of MSDN Magazine, I noticed an article titled “When Security Doesn’t Make Sense” by David Platt. As someone who relays security advice on a daily basis, I find outside perspectives on security of great interest.
IT GRC, The Story – How do you do it? – Part 2
September 8th, 2011 | Posted in Compliance | IT GRC | Security - (0 Comments)
I was recently discussing IT GRC program implementation with the CIO of a growing, mid-sized software company when he presented the question, “But HOW do you do it? I mean, how do you get employees to follow the rules in a GRC program?” The following is the second part of my response to his question…
PCI Vulnerability Scanning – External and Internal Views
September 3rd, 2011 | Posted in PCI | Security - (0 Comments)
Vulnerability scanning. Mention those two words, and your IT operations staff usually shudders. Conversely, your IT audit/security staff usually start doing a happy dance (I think those guys are sadists, like Steve Martin in Little Shop of Horrors). Love it or hate it, vulnerability scanning is required by many compliance regimens. The PCI DSS states that you have to perform vulnerability scanning quarterly, and from both an external and an internal perspective. If you follow the letter of the PCI law, that’s at least eight scans a year. I would like to posit that if you’re really doing PCI vulnerability scanning correctly, it’s more like a minimum of 12 scans each year, with 16 being the better number.
True’s Executive Roundtable Event Held August 24th
August 31st, 2011 | Posted in Compliance | Events | Security - (0 Comments)
TRUE’s latest event brought together a select group of industry thought leaders to discuss various aspects of risk management theories and principles as well as the metrics involved in executive-level decision-making.
Attendees benefited from an open and candid exchange with peers on how risk has impacted their various organizations. Participants conveyed how risk is defined within their respective companies and discussed quantitative vs. qualitative risk assessments and the concept of company-defined acceptable risk.
IT GRC, The Story – How do you do it? – Part 1
August 19th, 2011 | Posted in IT GRC - (1 Comment)
I was recently discussing IT GRC program implementation with the CIO of a growing, mid-sized software company when he presented the question, “But HOW do you do it? I mean, how do you get employees to follow the rules in a GRC program?” My response to his question…