Wannacry or Wannabrag? Educating the board on why

Recent media attention on the Wannacry incident provides the opportunity for information security managers to demonstrate what they did right and how management decisions (and investments) directly impacted how the organization was...

05/24/17

Information security professionalism requires both credentialing and codes of professional practice

It's time for information security practitioners to be recognized as professionals. But that will require self-discipline. Independent validation of skills and the promulgation of strong and enforceable codes of professional practice...

04/19/17

Hey New York - ready for CyberSOX?

If your organization is regulated by New York State’s Department of Financial Services (DFS), your organization will need to comply with a new cybersecurity regulation that goes into effect on March 1, 2017.

02/21/17

Accepting the risk requires more than doing nothing

It's not enough to accept the risk by doing nothing. Getting everyone to sign an agreed upon analysis that justifies accepting the risk is key to optimizing risk decisions and protecting both the organization and the risk management...

12/19/16

Overcoming the ghosts of data analytics past

Data analytics has been around for quite some time. Yet, despite the technological advances, many users continue to be challenged in achieving promised benefits. The article provides a checklist of lessons learned that when applied to...

11/01/16

Friend or foe? Bank regulator issues new information security exam procedures

Financial institution regulatory agency issues revised examination handbook that communicates enhanced regulatory expectations on how institutions should better manage cybersecurity risks. Some new and some enhanced requirements will...

09/26/16

Key questions to mull as you head into infosec budgeting season

Tips for getting the budget past the financial people - from the financial professional's perspective.

08/22/16

Update to risk management framework should be taken seriously

COSO, the same organization that sponsors the internal control framework for Sarbanes-Oxley control compliance, recently issued a long-awaited exposure draft update to its Enterprise Risk Management framework. By translating the...

07/12/16

How to avoid vulnerability assessment gotchas

Common findings and exceptions when auditing or performing a post-breach exam of vulnerability assessment effectiveness.

05/12/16

Audit committee cheatsheet for IT and cyber professionals

What exactly do audit committees do, and who gets to be on one?

04/25/16

Reflections on the 2016 external audit season

Having a "to-do" hangover from this year's external audit report? Here's what you can do to minimize those recommendations next year - while making yourself and your boss look good.

04/11/16

Answers to audit committee questions that will keep you employed

Cybersecurity continues to receive increasing attention from the Audit Committee. For many information technology professionals this interest creates opportunities for exposure to this critical corporate oversight committee and the...

04/01/16