Still the best source for security, cyberspace law and IT risk management! The HORSE Project now has its own Android app. Now there is an Android app to help you take it with you. Access premium downloadable content, guidance, tools, frameworks, and other content right from your Android device. Find it here in the Google Play… Read More
Re-Post: C-Suite Slipping on Information Security, Study Finds
The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest, however, that the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic… Read More
Information Security By the Numbers
The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More
2012 Louisville Metro InfoSec Conference
I attended the 2012 Louisville Metro InfoSec Conference, now in its 10th year, as keynote speaker. The conference is a function of the ISSA Kentuckiana Chapter currently led by Randall Frietzche. Once again, they are pushing the capacity of the venue space due to the increasing popularity of this important conference. On a personal note,… Read More
Risky Business: IT Security Risk Management Demystified
PenTest Magazine just released their latest issue and my article, Risky Business: IT Security Risk Management Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
Risk Management CPM Model
I recently wrote an article about IT risk management and created several illustrations. One in particular stands by itself in terms of depicting a holistic view of the whole risk management life cycle in a critical path method model which I thought would be worth sharing. It would be useful to your ISO 27005 or… Read More
The PCI Challenge
It is frequently in the news. Reports have been written. Punitive and compensatory damages have been awarded. Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of… Read More
Juris Doctor 135-143 of 161: The Geek Shall Inherit the Universe
Cyber-espionage and cyber-warfare pose the greatest threat to our society today. No longer are massive militarized forces with the most advanced weaponry the force to fear. The forces to be feared now are computer geeks. A single person or just a few cyber-savvy individuals working together as a team now possess the power to bring… Read More
Gearing Up for the Holidays? So Are Cyber-Criminals
Article Reprint: http://risnews.edgl.com/retail-best-practices/Gearing-Up-for-the-Holidays–So-Are-Cyber-Criminals40304
The holidays typically are the peak season for merchants. Yet at such a critical time of year many retailers still leave themselves vulnerable to significant e-commerce fraud – and the corresponding lost revenue and damaged brand reputation – because they don’t enforce or implement information security best practices throughout the year. While… Read More
Certified in Risk and Information Systems Control (CRISC)
I’ve received a Certified in Risk and Information Systems Control (CRISC) certification number of 1000201. I personally believe that the CRISC will be the industry standard for risk management just as the CISSP has been for information security practitioners. I certainly recommend pursuing this certification.
Weekly Digest for April 1st
mdpeters New blog post: Weekly Digest for March 25th https://michaelpeters.org/?p=1370 [obDADkenobi]. mdpeters posted User:Imfrom51. mdpeters posted . mdpeters posted 5 items. Risk management plan File:ITRM-Lifecycle.jpg Compliance Risk management plan FISMA mdpeters New blog post: Now Reading: Irrefutable Laws of Leadership – 3 https://michaelpeters.org/?p=1376 [obDADkenobi].
Weekly Digest for March 11th
mdpeters New blog post: Weekly Digest for March 5th https://michaelpeters.org/?p=1324 [obDADkenobi]. mdpeters New blog post: Juris Doctor 77 of 215 https://michaelpeters.org/?p=1329 [obDADkenobi]. mdpeters posted Risk management. mdpeters posted It-governance. mdpeters posted 3 items. Risk management Risk Assessment and Treatment: Risk management
Need business to technology al…
Need business to technology alignment, information security, risk management, or some form of expert technology leadership? Look no further.
CIO Finance Summit Closure
It is always good to visit with the folks from CDM Media in Scottsdale, Arizona. I was invited to participate in a CIO Panel Discussion titled: “Security, Encryption and Fraud: Future proofing the banking system and ensuring greater consumer protection.” Scott Crawford, Managing Research Director, Security & Risk Management with EMA moderated. Mike Kearn, ISO… Read More