STRATEGIC PLANNING/ERM Articles
Enterprise risk management: Get started in six steps
Daunted by the ambition of enterprise risk management? Here's a straightforward exercise to get started delivering ERM's business value.
Security metric techniques: How to answer the 'so what?'
You need to be ready when the boss responds to your presentation with a "so what?" At Metricon 5, the focus is on several security metric techniques to pull it off.
Former PA CISO: National cybersecurity bill won't work
The Lieberman, Collins, Carper cybersecurity bill would do nothing but slow down real progress and undercut Howard Schmidt's authority, former State of Pennsylvania CISO Robert Maley warns.
Inside Oracle's security assurance program
Oracle CSO Mary Ann Davidson walks SOURCE Boston attendees through her company's evolving secure coding effort.
Measuring the health of corporate security
What does the term 'corporate security' really mean? And how important is it to a company's health? George Campbell explains.
SaaS, Security and the Cloud: It's All About the Contract
Security practitioners have learned the hard way that contract negotiations are critical if their SaaS, cloud and security goals are to work. A report from CSO Perspectives and SaaScon 2010.
Security Consultants and Lawyers: Don't Trust Them to Manage Risks
Security consultant Scott Wright breaks down the similarities between attorneys and consultants -- and explains why neither can really give you the risk management you need.
The Myth of Convergence
George Campbell challenges a narrow, IT-centric view of security and risk management.
Minimize Risk by Maximizing Accountability
Risk management only works when it factors into everyone's thinking. Kerri Grosslight of Wells Fargo lays out steps for getting there.
Federal Data Security Law: 'Careful What You Wish For'
A cybersecurity bill advanced further up the U.S. Senate gauntlet last week, and some IT security practitioners aren't happy about it.
