Risk News, Features, and Interviews


Lost patience with IT risks creating lost opportunities in security

By Richard Chirgwin | 26 July, 2012 14:03

Businesses are losing patience with IT at the worst possible time: just when companies are becoming more aware of enterprise risk.

Embedding risk culture

By David Roche | 28 February, 2012 16:51 | 1 Comment

An observation from the global financial crisis is that organisations with a weak risk culture can experience extensive or even catastrophic damage. Significant investment in risk management people, processes and technology is only part of a sound business risk environment. The key component is the risk culture.

Reloaded: Paying Lip Service to Incident Response

By Drazen Drazic | 12 December, 2011 09:39

"It will take a massive incident for our company to wake up to itself!" How often do you hear that in the information security industry? All the time -- so what generally happens when things go horribly wrong after the "incident" occurs?

Carrier IQ security risks overblown?

By George V. Hulme | 08 December, 2011 02:37

While we wait for the final judgment on the privacy implications of the Carrier IQ fiasco, security pros are asking what the potential security implications of the embattled mobile diagnostic software could be.

IT Audit Survey Exposes Weak Risk Assessment

By Roy Harris | 06 October, 2011 10:09

Even in the face of costly and embarrassing corporate security breaches, one in four companies fails to conduct any IT risk assessment. And 42% say there are areas of their information technology audit plans that cannot be addressed because of a lack of resources and expertise.


20 useful IT security Web sites

By Jon Brodkin | 08 April, 2008 09:50

Bookmarking these sites will help you protect your network, comply with government regulations and stay ahead of all the latest threats.


Sydney Water IT security manager talks governance strategy

By Rodney Gedda | 03 September, 2010 09:41

Information security governance should not be treated like corporate governance, IT security steering committees must have the right stakeholders and the board can remain largely unaware of security issues. Those are key strategies for effective security governance, says IT security and assurance manager at Sydney Water, Stephen Frede.

Why your information security stinks & what to do

By Bill Brenner | 22 April, 2010 03:19

Amit Yoran was the Department of Homeland Security's first director of the National Cyber Security Division of the Information Analysis and Infrastructure Protection office. But by September 2004 he was frustrated by what he saw as a lack of concern and commitment to Internet security. So he quit his post.

Why Security Matters Now

By Bill Brenner | 16 October, 2009 05:06

Social networking and cloud computing threats abound, our annual Global Information Security Survey finds, making information security important once again to business leaders.

Researchers advise cyber self defense in the cloud

By Dan Nystedt | 12 October, 2009 21:16

Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.

How dangerous could a hacked robot possibly be?

By Robert McMillan | 08 October, 2009 18:54

It seems like a question ripped from the back of a cheap sci-fi novel: What happens when the robots are turned against us?


Coping with a DoS attack

By Louise McKeag | 07 September, 2004 14:33

We keep hearing about Denial of Service attacks, and how they can bring large organisations to a standstill, yet do we really understand the full range of events that the term encompasses? What makes up a DoS (or distributed DoS) attack, how is it done, and what can you do to prevent it happening to you?


Risk Priorities for Financial Institutions in 2010

By Dana Wiklund | 09 December, 2009 08:08

Looking through the holidays into 2010, there are four clear priorities for risk management that cut across all tiers with financial institutions. Over the last year the pendulum has swung from the exotic to the pragmatic, from chaos to order within financial services. The four priorities for risk in 2010 can be derived from the word D.A.T.A. (data, analysis, transparency, accuracy).

The 10 Ackerman Principles of Counterterrorism

By Mike Ackerman | 27 November, 2008 12:43

Consultant and author Mike Ackerman's 10 counterterrorism principles for business.

The Importance of IT Risk Management in M&A

By Bill Kobel and John Gimpert | 03 November, 2008 12:21

Two experts break down critical considerations in merger and acquisition activity.

Information security governance: Centralized vs. distributed

By Audrey Agle | 05 September, 2008 10:15

The management of information risk has become a significant topic for all organizations, small and large alike. But for the large, multi-divisional organization, it poses the additional challenge of determining how to deploy an information security governance program among what are often disparate business units. Should the policies, procedures, and processes that define the program be developed and managed within a central, corporate body? Or perhaps responsibility would be better placed at the individual unit level? Is there a workable middle-ground?

Internet security: What will work

By Roger A. Grimes | 21 January, 2008 07:41

In the first column of this year, I discussed computer security outlook and hopes for 2008. I forecast more of the same that we saw in 2007: more spam, more malware, more bad guys basically owning the Internet and our connected computers. I don't see any trends or new leaders with significant power to change the status quo.


Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.