Access "Layer 8: The security governance myth"
This article is part of the January 2005 issue of How security pros can benefit from information sharing
The unified business approach to security is creating better risk management. Is all the current fuss about governance making our lives easier or better? Can we really expect new regulations to force businesses to become as secure as we think they should be? I'm skeptical about the utility of government processes that are created to save business from itself; however, whether it's regulations like Sarbanes-Oxley or standards like COBIT and ISO 17799, the governance movement, driven by both internal initiatives and government mandates, has encouraged--if not forced--security to align itself with business philosophy, operations and objectives. Security is finally becoming part of a unified framework that shares goals, methods and vocabulary with the rest of the enterprise. Governance improves security's ability to communicate and expands the opportunity for sharing lessons learned. This is good for us and good for business. From the security pro's perspective, this unified corporate framework promulgates two primary agendas: risk management and transparency. ... Access >>>
Premium Content for Free.
You're just plugging holes if you don't have the right processes and policies.
The Sky's the Limit
What security technology do you need that you can't get today? Here's your wish list.
Content Filtering: Websense Enterprise 5.5
Websense's Enterprise 5.5
Authentication: RSA SecurID 6.0 for Windows
RSA Security's SecurID 6.0 for Windows
Seattle CISOs Ernie Hayden and Kirk Bailey are pioneering a new level of trust and cooperation to secure their enterprises.
Hot Pick: F5 Networks' FirePass 4100 Series
F5 Networks' FirePass 4100 Series
- Vulnerability Mismanagement
Antispyware: Webroot Software's Spy Sweeper Enterprise
Webroot Software's Spy Sweeper Enterprise
Secure Reads: Gray Hat Hacking
Gray Hat Hacking: The Ethical Hacker's Handbook
Recent Releases: Security product briefs, January 2005
Learn about the information security products released in January 2005.
by Steven Weil, Contributor
Avinti's iSolation Server 1.1
The Myths of Security
The ancient Greeks spun myths to explain the unexplainable. Modern enterprises use commonly held myths as a foundation for security.
Key to the World
SAML's portable trust makes federated identity work.
- Antispyware: Webroot Software's Spy Sweeper Enterprise
Logoff: Government tosses pennies toward information security
Death by a Thousand Cuts
Editor's Desk: Remembering the dearly departed
Built to Sell
Layer 8: The security governance myth
Perspectives: Walk in management's shoes
One security manager describes his experience with a management program that helped him understand how to align security with business objectives.
- Logoff: Government tosses pennies toward information security
More Premium Content Accessible For Free
Despite the enormous concerns around cloud security, many information security professionals remain on the sidelines when it comes to their ...
Not only is modern malware getting more prevalent and sophisticated, it's also now focusing on a broader array of targets. Attackers would still love...
IT Decision Center
Learn how to evaluate your potential vendor's UTM product and its ability to meet your specific business requirements.