GRC, Page 2

E5 – The Flies and the Hornet – Insect Bites

A cool breeze whisked through the window causing the scrolls on the Wizard’s desk to rattle and tremor.  The wise man shifted a large scroll to weigh down some loose papers.  He reallocated a heavy paper weight to secure some more papers.  The weather had turned cold but the Wizard enjoyed the brisk air flowing…

Compensating for Control Issues

Whoa wait a minute…is this a psychology lesson? Well if so hopefully it’s no less comfortable than your favorite chair! Last week we kicked off a new blog series on Issues Management. Read Steve’s initial volley here which neatly frames up the problem of the “Issues Pit”. This week we’ll discuss the process of compensating for control…

Know your Gaps; Take Action

Issues – we all have them. I should clarify that statement. I am not talking about you personally or referring to the ‘lie on the couch, tell me about your relationship with your mother’ types of issues. I mean – all organizations have issues. Some are big and some are little but all organizations find…

E4 – Storms on the Horizon – Gathering Forces

Marty was getting used to his spot in the executive conference room. He awaited the arrival of the host of the meeting – Howard Mentinger, the Chief Risk Officer of MagnaCorp. The CRO had been with the company for many years and had held multiple roles in the business. His analytical mind reduced business problems…

E4 – Storms on the Horizon – The Weather Turns Cold

Marty went through packet captures once more to make sure he wasn’t missing anything important.  He had pulled traffic logs and netflow data for the last few weeks specifically looking for anomalous activity.  His sixth sense was piqued by the vNextGen’s security team mentioning increased commotion on their network.  As he drilled deeper into the…

The Risks of Root Causes

I spoke recently at a workshop organized by the Alan Turing Institute in London to identify areas related to cyber security in which major research is needed. Though I focused on security analytics, I also talked about the need to develop more effective models for understanding and managing risk, citing the work that my colleagues…

E4 – Storms on the Horizon – First Winds

The Siren sat demurely in her corner booth at the café watching the patrons with an air of casual indifference.  A closer inspection of her after a few minutes though would reveal the intensity of a predator as her eyes smoothly moved from one customer to the next.  She surveyed every table for a few…

E4 – Storms on the Horizon – The Calm Before

Marty walked into the executive conference room and felt he had passed through a portal of luxury.  No battered pizza boxes in the trash cans.  No empty soda cans littering the table.  No crazy mess of networking cables running across the floor.  He was used to that type of working environment.  Instead, he saw an…

Introducing RSA Archer GRC 6 to Our Federal Community

Through the years, as federal information assurance professionals, we’ve seen a lot of adjustments and evolution. We had an arms race in buying newer and better firewalls, more secure networking devices, IDSs, IPSs, and SIEM tools. We bought generations of scanners and sensors. We watched several iterations of C&A and A&A methodologies come and go.…

Introducing RSA Archer GRC 6 – Inspiring Risk Management

There is no question organizations today are in a rapidly changing risk environment and the pressure to improve risk management practices is being driven top down from boards and executives. Managing a cultural shift from the reactive checking the box of compliance to a more proactive risk management model requires change and participation across the…