IT Leaders - Security and Risk Management
 
Risk or Security Management: What's In a Term?

2008-11-11 14:59:18 by Posted By: Tom Scholtz, Research VP in IT Leaders - Security and Risk Management
 
...information security vs. information risk management Well, maybe such a clear differentiation is not always required. Maybe security and risk management is so intertwined that continuously trying to separate them becomes counterproductive. Let's try to look at this objectively: I can make a clear argument that security is an integral part of...
 
 
 
 
 
Given the Current Economic Turmoil, What Should IT Managers Do?

2008-10-17 11:38:02 by Posted By: John Bace, Research VP in IT Leaders - Security and Risk Management
 
...information in a timely fashion with friends and neighbors in the community. Management should be extremely sensitive to non-work related issues that may have an impact on employee morale and well being. The most obvious is related to housing, mortgage default and potential foreclosure. However, it can extend beyond the most obvious issues....
 
 
 
 
 
Making Security Vendor Review a Continuous Process

2008-10-16 15:23:23 by Posted By: Greg Young, Research VP in IT Leaders - Security and Risk Management
 
...security market is moving faster than almost any area of technology. The churn of new companies popping up and existing companies getting acquired or disappearing can be seen by comparing a Magic Quadrant with the previous year's version. The ever-changing threat is the major driver for this hyperactivity. Every security professional needs a...
 
 
 
 
 
M&A Patterns in the Security Space

2008-10-08 14:12:27 by Posted By: John Pescatore, VP Distinguished Analyst in IT Leaders - Security and Risk Management
 
...information security industry always come in waves, just like they do in the IT industry. After every wave, there is always talk of "consolidation" and "enterprises want one stop shopping" and that talk is always proven wrong. Just as in the overall IT industry, the majority of mergers and acquisitions do not succeed and the ones that do are...
 
 
 
 
 
From the Executive Women's Forum on Information Security

2008-09-18 19:29:34 by Posted By: Roberta Witty, Research VP in IT Leaders - Security and Risk Management
 
...Information Security, Risk Management & Privacy is "risk convergence is inevitable." The risks associated with information security, privacy, physical security and so forth are converging such that an integrated management approach is required from within the firm. Interestingly enough, business continuity management was not a key risk area...
 
 
 
 
 
XTM? YAUSA, or Yet Another Useless Security Acronym

2008-08-11 17:06:29 by Posted By: Greg Young and Adam Hils in IT Leaders - Security and Risk Management
 
...security vendors under the guise of fresh marketing 3. There is little evidence that many of the components in these platforms are integrated, much less "unified." Now, there is some promotion of the new acronym XTM (that is, eXtensible threat management) as a new generation of UTM. We're not referring to any product name, but the attempt to...
 
 
 
 
 
Do You Speak E-Discovery? You Should, Even in Europe

2008-07-24 12:05:25 by Posted By: Carsten Casper and John Bace in IT Leaders - Security and Risk Management
 
...information is involved) is unique to the "common law" countries - notably the U.S., the U.K., Canada, Australia and New Zealand. Discovery in common-law civil litigation is a form of interrogatory in which both parties agree to the pretrial exchange of information, so that the plaintiff can prosecute a cause for action and the defendant can...
 
 
 
 
 
Same Letters, New Acronym

2008-06-27 12:50:12 by Posted By: John Pescatore, VP Distinguished Analyst in IT Leaders - Security and Risk Management
 
...information and address new threats that have common impacts across their product lines. This is markedly similar to the goals of another consortium that all five vendors belong to, the Information Technology Information Sharing and Analysis Center (IT-ISAC), established way back in 2001 and largely ineffective. There are some differences,...
 
 
 
 
 
FBI Freaks Out and Mixes Up Issues, but There Is a Valid Point in There

2008-06-02 11:16:35 by Posted By: Greg Young, Research VP in IT Leaders - Security and Risk Management
 
...security nexus is a good path to funding, albeit not always a legitimate case. There are too many examples of this bad behavior to list. The deck contains a point about vendors needing to link government sales and brand protection - instead, the point should be that government sales need to link to a trusted supply path. Getting a trojan in...
 
 
 
 
 
How Do I Get ISO27001 Certification?

2008-05-20 17:31:23 by Posted By: Carsten Casper, Research Director in IT Leaders - Security and Risk Management
 
Everybody has heard of the international standard ISO 27001 (or at least of its U.K. predecessor, BS7799-2). Now, more and more people wonder: How do I get a certificate for my organization? While in some