Breaking the Value Ceiling

As the conversation around the value of connecting processes within GRC progressed, the idea of a “Value Ceiling” for certain operational enablers and processes emerged. Certain niche technology enablers have a point where the tool is bringing value for the immediate needs but there is more value to be extracted if that technology enabler could be used for broader purposes. In other words, there is POTENTIAL value that could be derived beyond the initial scope of the technology IF the technology can share data or enable other processes. A Value Ceiling is the point where the technology enabler achieves its operational value but can no longer provide greater potential enterprise value due to constraints, disconnectedness or some other barrier.

Business Continuity: How to Apply Enterprise Risk Management to Your BCM Planning Efforts…and Vice Versa!

by Patrick Potter, RSA Archer GRC Solutions

Business Continuity Management (BCM) programs typically do a good job of evaluating business criticality through performing Business Impact Analyses (BIAs) to determine recovery priorities. However, how many BCM and IT Disaster Recovery (DR) programs adequately assess risks starting at the overall program level down to the process or…

The Space Between the 1s and 0s – Redux

A few months ago, I wrote a short blog using the “space between the 1s and 0s” as a metaphor to discuss dimensions of data that are beyond just the digits sitting on the disk drive. These dimensions included how the data was created, who created it and why it was created along with the security implications of those dimensions. Data created by a business process that includes personal information is much different than the invitation to the company monthly birthday party. Yet those 1s and 0s, many times, sit side by side on our laptops, servers and storage area networks. Recently, EMC announced the 2012 findings from IDC’s 6th EMC-sponsored Digital Universe Study. This study has some amazing and interesting results – some directly related to this “space between the 1s and 0s”.

Starting with the End in Mind: the Need for Security Governance

Under the leadership of CyLab Adjunct Distinguished Fellow, Jody Westby, the CyLab team gathered information from CEOs, CFOs, CROs and board members of the Forbes Global 2000 regarding security governance practices in their companies. The results showed significant gaps in security governance in more than half the respondents. Even for someone like me who tends to see the glass as half-full, this is a major concern in a world of increasing threats to information security.

The “Dynamic Tower”: Security as a Process

The Security for Business Innovation Council report published last month lays out a roadmap for responding “When Advanced Persistent Threats Go Mainstream” (as the report title puts it). One of the most important recommendations in that report is captured by Roland Cloutier, VP and CSO of ADP Inc, when he says: “you have to have the resources and a process for risk decision-making that enable rapid changes to your protection platform.” That is, the roadmap in the report doesn’t lead to a static, unchanging security monolith. It’s a model for a process that builds dynamism into security, not unlike the architectural model of the Dynamic Tower that David Fisher has designed for Dubai.

RSA’s Insight on Security Management

Welcome to one of Speaking of Security’s newest blogs completely focused on security management, something we’re calling Security Management Insights or SMInsights for short. I am honored to author the initial post in what should be a highly active and thought-provoking forum for dialogue related to the challenges facing today’s information security professionals. This is a team blog, so you will benefit from hearing from a multitude of product managers from the products and solutions which comprise RSA’s emerging Security Management Suite. We continuously receive the opportunity to interact with customers and analysts and will use this blog to share insights about organizations’ security challenges and strategies.