STRATEGIC PLANNING/ERM Articles
Survey Says More Companies Hiring CSOs, Holding Steady on Spending
Seventh Annual Global Information Security Survey: In a sign that companies may finally be getting that security is important, more say they have hired a CSO to take charge of their defenses. (Last of a four-part series)
The Seven Deadly Sins of Security Policy
Are your security policies really managing your organization's risks? Or are they just 'check-the-box' rules? We detail common policy mistakes security pros often make.
7 Ways Security Pros DON'T Practice What They Preach
IT security pros spend oodles of time trying to hammer best practices into the heads of fellow employees. But in an informal poll conducted by CSOonline, many admitted they don't always follow their own advice.
No Excuses: Managing Operational Risk
Headlines about high-profile white-collar criminals sometimes mask underlying weakness in business controls and risk management. This book excerpt looks behind the curtain.
How to Succeed in a Two-Faced IT Security Job Market
More companies are hiring CSOs and moving security tasks in-house. But that doesn't always mean more jobs (article and 3 audio clips).
Surviving Layoffs: Five Career Lessons from the Security Trenches
Company politics, stonewalling, layoffs -- sometimes it's part and parcel of the security job. Here are one CISO's takeaways.
What Should WH Cybersecurity Coordinator's Job Description Look Like? One Man's View
Part 2 of Ariel Silverston's "Mission Impossible" series: If President Obama's new cybersecurity coordinator is to have any real impact, there are a few things that will need to be worked into the job description.
Report: Business Risk of Fraud, Corruption Up Amid Economic Crisis
Control Risks' report suggests businesses heighten efforts to guard against fraud and comply with stringent regulations.
Mission Impossible? A Plan to Secure the Federal Cyberspace
Security expert Ariel Silverstone looks at what is needed to truly secure the online systems used by the federal government. Does Obama's plan measure up? (First of a three-part series)
How to Write an Information Security Policy
Jennifer Bayuk explains the critical first step, what to cover and how make your information security policy - and program - effective
