Compliance

Great Things Come in 3s – EMC (RSA) Positioned in Leader’s Quadrant in Three Gartner Magic Quadrants

We have all heard the adage that great things come in threes. Stooges. Pigs. Blind Mice. The list goes on and on. I am very pleased to announce another thrilling combination of three – Gartner Magic Quadrants. EMC (RSA) has been positioned in the leader’s quadrant in three Gartner Magic Quadrants: Operational Risk Management,…

Know your Gaps; Take Action

Issues – we all have them. I should clarify that statement. I am not talking about you personally or referring to the ‘lie on the couch, tell me about your relationship with your mother’ types of issues. I mean – all organizations have issues. Some are big and some are little but all organizations find…

IT Compliance: All About That Base (Standard)

When it comes to IT risk management approaches, few things spark more debate than the use of standards. To explore this is to ponder another alphabetic quagmire of acronyms, categories, and random numeric designations. So which is the best? Is there even such a thing as “best”? If not, how do you choose otherwise? Or…

CVSS Scoring: Why your Smart Refrigerator does not need to be Patched (Yesterday)

Is a CVSS score of 10 really a 10 in your environment? Vulnerability Risk Management is a work in progress for most organizations. Having dealt with many customers in this space, we have seen it all – the mature folks who utilize asset management to define ownership to multiple remediation teams – all the way…

Compliance by Design

It’s not often that I get to share the stage with a legal expert. But at this year’s RSA Conference US, Hayden Delaney and I gave a session on Compliance by Design, exploring this emerging discipline that is becoming as important as Privacy by Design and Quality by Design. (image copyright ©2015 Hayden Delaney. Used by…

The Growing Need to Manage Third-Party and Vendor Risk

Organizations are increasingly outsourcing key processes to third parties and using an ever-wider range of vendors in their supply chains. Among the benefits most cited are the opportunity to reduce operating costs, access to specialized expertise, and the ability to better focus on core competencies. But, organizations looking to work with third parties must balance…

Risk and Security Spotlight: Accenture

We caught up with Floris van den Dool, Managing Director for Information Security Services across Europe, Africa and Latin America for Accenture at the RSA Archer EMEA GRC Summit in London in November to get his take on what’s happening in the security industry. Van den Dool explained that traditional ways of security are no…

How Focusing on GRC Processes Can Improve the Business

As the risks that organizations face increase and mandates become ever more prescriptive, effective governance, risk management, and compliance (GRC) implementations have become core to the business. To make these projects more successful, organizations need to focus on business issues and processes before moving on to implementation. According to ISACA, putting in place repeatable processes…

Connect IGA with PAM to Truly Control All Identities and Access

Organizations today are struggling with managing and governing access. Increasing regulations, a heightened threat landscape, insider threats and an explosion in the number and type of users have all conspired to cause tremendous pressure on IT and Information Security. At the same time, organizations are expected to grow, generate more revenue and be more productive,…

Implementing Advanced Authentication to Satisfy CJIS Security Policy Compliance – Podcast #247

IT Director Lesley Chaney of New Hanover County, North Carolina joins the Speaking of Security Podcast to talk about her experience with the newly updated Criminal Justice Information Systems (CJIS) Security Policy. Lesley recently led her team to implement RSA SecurID to protect remote access via laptops and mobile devices for more than 270 police…