Strategic Planning / ERM

News

Security culture begins at the top

By Wayne Chung | 02 February, 2012 11:03 | 6 Comments

What’s the most important factor of a successful security program? Technology such as endpoint protection? Making sure your change management processes and system development life cycle include consideration of security risks? Strong policies? Not quite.

How to implement a successful security and disaster recovery plan

By Philip Owens | 22 December, 2011 10:36

Although security issues are often top of mind for many organisations, they are often not considered as part of a disaster recovery (DR) plan.

Learn to ask the right questions on cloud security before it's too late

By David Braue | 21 October, 2011 13:54 | 1 Comment

The hard sell around cloud computing is in full swing, but many potential customers are finding it hard to evaluate the security profiles of potential providers and should take a broader view of their objectives and standards, an expert in the auditing of IT security infrastructures has warned.

Security must change with service management: UXC Consulting

By David Braue | 18 October, 2011 07:32 | 1 Comment

Security managers must break down their walled-garden mentalities and integrate security deep into the heart of increasingly flexible, BYO computing-driven IT service management (ITSM) environments or risk data death by a thousand cuts, a systems and security consultant has warned.

ISMS Certification for Outsourced Service Providers

By Mark Jones | 13 October, 2011 11:03

The aim of this article is to show companies that offer outsourced services (dealing with the management of information) some tangible, commercial benefits of going down the ISMS implementation and certification path.

Opinions

Opinion: Mark Ames discusses "Value for Policy"

By Mark Ames | 08 July, 2011 06:12

Your board and audit committee are looking for reduction in risk exposure driven by your information security policy. Is this something you can track and measure?

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.