Khalid Kark offers five key points for articulating the value of infosecurity.
If the economic downturn has proven anything, it's that many CISOs still struggle to articulate the value of their security programs and justify the security budget to business and executive management. Many helplessly watched their budgets slashed, their projects postponed, and their employees laid-off.
Ben Rothke looks at how to destroy digitally stored information. Includes pros and cons of in-house and outsourced data destruction.
In the first installment of Why Information Must Be Destroyed I discussed how not discarding worthless hard copy documents, even though they appear to have no value is a security risk. While this is true for physical hard copies, it is even more relevant for digitally stored data.
Current security practice has failed users, they say. n
A panel of security experts agreed that security needs to thought of a lot earlier in the software development lifecycle, and that the IT industry needs to start shipping "hardened" products, especially with the advent of the cloud and visualisation making the location of sensitive data even more difficult to locate.
Deloitte survey shows that only 36% of the respondents expressed confidence that their organizations are prepared to prevent or block cyber-attacks from internal threats.
A survey of 250 chief information security officers involved in the financial-services world shows that while they have increasing responsibility for IT strategy and planning, they harbor growing concerns about internal security and management support amid the sharp economic downturn.
Should security policies, procedures and processes be managed within a central body, or distributed at an individual level? You need to find the middle ground.
The management of information risk has become a significant topic for all organizations, small and large alike. But for the large, multi-divisional organization, it poses the additional challenge of determining how to deploy an information security governance program among what are often disparate business units. Should the policies, procedures, and processes that define the program be developed and managed within a central, corporate body? Or perhaps responsibility would be better placed at the individual unit level? Is there a workable middle-ground?
Will your next exposure be academic or commercial?
Information Security is an odd environment in that most of the leading edge research takes place away from academic and designated research institutions, out in the industry. As a result there is a curious approach to publishing new information that doesn't really exist anywhere else.
