Bridging the Risk Gaps Among Security, Operations, and Business Leadership
In most organizations, the responsibility for protecting against vulnerabilities falls on the shoulders of two teams: This dynamic creates a tendency to approach vulnerability management “by the numbers.” For example, the vulnerability management team in the security organization might determine that several vulnerabilities in Apache web servers pose a very high risk to the business […]
SCALING PLAN – I want to sustain & implement while exploring different ways of increasing the scale of my work.
Once a project or pilot has been successfully implemented, the next step is to build upon this success by sustaining and growing it further. Essentially this means extending the reach of your work to a bigger population. There are many ways of scaling up – from replicating the project across geographies, to collaborating with different […]
Prection of Systems: Working with Risk Management
Risk management sits at the heart of everything the information security team does. As such, the information security manager should encourage the business to embed information risk management into every process it uses to deliver its products and services. Every member of staff should be encouraged (and educated) to raise threats, vulnerabilities, and risks with […]
Protection of Systems – Secure Development Business Processes
Secure Development The information security manager’s role in systems and software development is key. You will be required to ensure that the output from any development projects running in your organization (or outsourced to a third-party development company) is secure, whether they are creating a new line-of-business application or a new infrastructure capability . “But […]
CREATING A SECURITY STRATEGY
The concept of a strategy is often used to describe the way the business will grow or develop over a long period of time with a number of specific targets it wants to achieve: grow by 30%, establish a 55% market dominance, expand into Europe or Australia, and so forth. Strategic targets are often pitched […]
Integration with Risk Management
Risk management is at the heart of everything we do in information security . The information security manager must advocate a risk based approach for every security-related decision taken by the business,including even the simplest decisions, such as whether or not to buy a firewall for the perimeter defense or purchase some antivirus software for […]
It’s Not Just About Technology: The People Side of Digitization
Anything that can be digitized will be digitized! The process of digitization affects almost everything in today’s organizations and puts huge pressure on these to change. Therefore, it is crucial for leaders to understand the implications of digitization on their organization and employees. Digitization not only changes the way of working, it also accelerates the […]
Encourage a Culture of Security Awareness
What’s different about information security in the business as opposed to other aspects of your organization’s operation is that security becomes the responsibility of every single person. From the very top of your business, down to the very bottom, every single person has access to information that could be misused or abused if it got […]
Security in Organizational Structures
We all know that the big boss is usually the chief executive officer (CEO) or the managing director. In businesses of significant size, the CEO typically reports to a board of directors, who are responsible for providing strategic direction to the business and ensuring that the CEO stays on-target and protects their investment. Beneath the […]
Strategic Intelligence: The Core of Executive Decision Making
When people first hear the term strategic intelligence (SI), they think of military or defense intelligence. Even though the roots of SI may have been with the military, the essence of SI applies to all organizations — that is, how organizations can improve their strategic decision-making process. To help reduce this risk, executives can use […]
