Compliance and risk management aren’t the same, but they are closely aligned with one another. Companies operating with IT and data-intensive technologies and industries must attend to the reality that risk of breach, damage, or data loss exists in their system and that they will almost always have to manage the balance between optimized business… Read More
As compliance costs skyrocket, standards grow increasingly complex, and the cyber threat environment evolves, organizations are turning to RegTech solutions to automate their compliance processes and improve their overall cybersecurity posture. Compliance with regulatory and industry standards, such as HIPAA, PCI DSS, FedRAMP, and SSAE 16 SOC reporting, are a burdensome yet necessary part of… Read More
With a show of those virtual hands, who has been notified by their credit card company about their personal information being exposed to cyber-crime? Now, with a show of those virtual hands; who has never been notified? If you think the problem is that cyber criminals are too good; you are mistaken. The problem is… Read More
The convergence is upon us all; this influx of technology intermingled with information infused now in every possible facet of our business and personal lives. We live in the presence of infinite possibilities through technology. Business is being propelled into new trajectories never before possible. Out social spheres and human interpersonal interactions have all been… Read More
You’ve see it in the news all too frequently now in our technologically interconnected world; companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. The terrible truth is that companies and consumers are losing the battle. The cost of these breaches is rising as consumers are beginning to… Read More
I was presented with a question this week that I thought was worth sharing. The question was “What you think information security executives will need to be focused on in the next 2 to 3 years in order for their organizations to be successful?” I responded with these tasks-concepts that security executives must embrace: Collaboration… Read More
Still the best source for security, cyberspace law and IT risk management! The HORSE Project now has its own Android app. Now there is an Android app to help you take it with you. Access premium downloadable content, guidance, tools, frameworks, and other content right from your Android device. Find it here in the Google Play… Read More
The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest however that given the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic… Read More
The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More
I attended the 2012 Louisville Metro InfoSec Conference, now in it’s 10th year, as keynote speaker. The conference is a function of the ISSA Kentuckiana Chapter currently led by Randall Frietzche. Once again, they are pushing the capacity of the venue space due to the increasing popularity of this important conference. On a personal note,… Read More
PenTest Magazine just released their latest issue and my article, Risky Business: IT Security Risk Management Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
I recently wrote an article about IT risk management and created several illustrations. One in particular stands by itself in terms of depicting a holistic view of the whole risk management life cycle in a critical path method model which I thought would be worth sharing. It would be useful to your ISO 27005 or… Read More
It is frequently in the news. Reports have been written. Punitive and compensatory damages have been awarded. Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of… Read More
Cyber-espionage and Cyber-warfare poses the greatest threat to our society today. No longer are massive militarized forces with the most advanced weaponry the force to fear. The forces to be feared now are computer geeks. A single person or just a few cyber-savvy individuals working together as a team now possess the power to bring… Read More
Article Reprint: http://risnews.edgl.com/retail-best-practices/Gearing-Up-for-the-Holidays–So-Are-Cyber-Criminals40304 The holidays typically are the peak season for merchants. Yet at such a critical time of year many retailers still leave themselves vulnerable to significant e-commerce fraud – and the corresponding lost revenue and damaged brand reputation — because they don’t enforce or implement information security best practices throughout the year. While… Read More
I’ve received a Certified in Risk and Information Systems Control (CRISC) certification number of 1000201. I personally believe that the CRISC will be the industry standard for risk management just as the CISSP has been for information security practitioners. I certainly recommend pursuing this certification.
mdpeters New blog post: Weekly Digest for March 25th https://michaelpeters.org/?p=1370 [obDADkenobi]. mdpeters posted User:Imfrom51. mdpeters posted . mdpeters posted 5 items. Risk management plan File:ITRM-Lifecycle.jpg Compliance Risk management plan FISMA mdpeters New blog post: Now Reading: Irrefutable Laws of Leadership – 3 https://michaelpeters.org/?p=1376 [obDADkenobi].
mdpeters New blog post: Weekly Digest for March 5th https://michaelpeters.org/?p=1324 [obDADkenobi]. mdpeters New blog post: Juris Doctor 77 of 215 https://michaelpeters.org/?p=1329 [obDADkenobi]. mdpeters posted Risk management. mdpeters posted It-governance. mdpeters posted 3 items. Risk management Risk Assessment and Treatment: Risk management
Need business to technology alignment, information security, risk management, or some form of expert technology leadership? Look no further.
It is always good to visit with the folks from CDM Media in Scottsdale Arizona. I was invited to participate in a CIO Panel Discussion titled: “Security, Encryption and Fraud: Future proofing the banking system and ensuring greater consumer protection.” Scott Crawford, Managing Research Director, Security & Risk Management with EMA moderated. Mike Kearn, ISO… Read More