Strategic Planning / ERM
News
Security culture begins at the top
What’s the most important factor of a successful security program? Technology such as endpoint protection? Making sure your change management processes and system development life cycle include consideration of security risks? Strong policies? Not quite.
How to implement a successful security and disaster recovery plan
Although security issues are often top of mind for many organisations, they are often not considered as part of a disaster recovery (DR) plan.
Learn to ask the right questions on cloud security before it's too late
The hard sell around cloud computing is in full swing, but many potential customers are finding it hard to evaluate the security profiles of potential providers and should take a broader view of their objectives and standards, an expert in the auditing of IT security infrastructures has warned.
Security must change with service management: UXC Consulting
Security managers must break down their walled-garden mentalities and integrate security deep into the heart of increasingly flexible, BYO computing-driven IT service management (ITSM) environments or risk data death by a thousand cuts, a systems and security consultant has warned.
ISMS Certification for Outsourced Service Providers
The aim of this article is to show companies that offer outsourced services (dealing with the management of information) some tangible, commercial benefits of going down the ISMS implementation and certification path.
Opinions
Opinion: Mark Ames discusses "Value for Policy"
Your board and audit committee are looking for reduction in risk exposure driven by your information security policy. Is this something you can track and measure?
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.








