
IT Compliance: All About That Base (Standard)

When it comes to IT risk management approaches, few things spark more debate than the use of standards. To explore this is to ponder another alphabetic quagmire of acronyms, categories, and random numeric designations. So which is the best? Is there even such a thing as “best”? If not, how do you choose otherwise? Or…


Compliance by Design

It’s not often that I get to share the stage with a legal expert. But at this year’s RSA Conference US, Hayden Delaney and I gave a session on Compliance by Design, exploring this emerging discipline that is becoming as important as Privacy by Design and Quality by Design. (image copyright ©2015 Hayden Delaney. Used by…


The Growing Need to Manage Third-Party and Vendor Risk

Organizations are increasingly outsourcing key processes to third parties and using an ever-wider range of vendors in their supply chains. Among the benefits most cited are the opportunity to reduce operating costs, access to specialized expertise, and the ability to better focus on core competencies. But organizations looking to work with third parties must balance…


Risk and Security Spotlight: Accenture

We caught up with Floris van den Dool, Managing Director for Information Security Services across Europe, Africa and Latin America for Accenture at the RSA Archer EMEA GRC Summit in London in November to get his take on what’s happening in the security industry. Van den Dool explained that traditional ways of security are no…


How Focusing on GRC Processes Can Improve the Business

As the risks that organizations face increase and mandates become ever more prescriptive, effective governance, risk management, and compliance (GRC) implementations have become core to the business. To make these projects more successful, organizations need to focus on business issues and processes before moving on to implementation. According to ISACA, putting in place repeatable processes…


Connect IGA with PAM to Truly Control All Identities and Access

Organizations today are struggling with managing and governing access. Increasing regulations, a heightened threat landscape, insider threats and an explosion in the number and type of users have all conspired to cause tremendous pressure on IT and Information Security. At the same time, organizations are expected to grow, generate more revenue and be more productive,…


Introducing The SBIC Blog — Strategic Guidance from Global Security Executives

Imagine if you had regular access to a group of top-notch advisors – security leaders from some of the world’s largest brand-name companies – to help you build your security strategies? Companies like Coca-Cola, FedEx, Intel, Johnson & Johnson, JPMorgan Chase, SAP and Walmart. For the last five years, the Security for Business Innovation Council (SBIC) has been publishing reports that deliver actionable recommendations from some of the world’s most accomplished security leaders. Given the immense challenges in information security today, we know that practitioners are hungry for more guidance based on real-world experiences and lessons learned. This new SBIC blog provides increased access to Council members’ valuable insights.


To Cybercriminals, The Size of a Company No Longer Matters

Gone are the days when the size of a company was thought to matter to cybercriminals. The latest PwC Information Security Breaches Survey 2013 shows that there has been a significant rise in the number of small businesses that were attacked by an unauthorized outsider in the last year – up by 22%. Interestingly, large organizations only went up by 5%. The cybercriminal has moved on to stealing intellectual property or corporate secrets, as that’s where the real money is, and small companies become easy targets because many do not have the resources or budgets to fully protect their information.

It’s time to understand the differences between corporate secrets and custodial data.
