Security Management Strategies for the CIOAccess "Collaboration with auditors will benefit information security programs"
This article is part of the November 2008 issue of Security researchers on biometrics, insider threats, encryption and virtualization
So it's coming up on the end of the calendar year (and for many, the fiscal year), which means it's time for one of the least favorite activities for security professionals. No, not budgeting, but audits. Yet rather than dread audits, we should actively look forward to them. Why? Because, to be frank, auditors as a rule get a lot more respect from the C-suite than we do. This means that auditors can be, and often are, our best chance to show what a good job we are doing and to get security projects funded. SOX 404, PCI and other regulations have only made this truer. Why do auditors have this advantage? They are viewed as independent observers who are supposed to report to executives in an unbiased manner using their controls as a metric. Most companies have two sets of auditors: internal auditors who help prep the company for the external audit, and external auditors who report their findings to the SEC. An open secret, however, is that most auditors as a rule want to help make your company and your security program better. Translation: the auditors are and... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Diverse mobile devices changing security paradigm
Enterprises must develop more creative strategies for enabling business use of smartphones and PDAs, including those that cannot be fully managed and secured.
-
Layoffs, Mergers Put Focus on Data Protection
As banks fold, or are acquired, companies need to be vigilant about access controls and provisioning.
-
Host-based intrusion prevention addresses server, desktop security
HIPS is used for everything from traditional signature-based antivirus/antispyware and host firewalls to behavior analysis.
-
Product Review: Deepdive's DD300
Deepdive's DD300 appliance helps you identify and discover data on your network.
-
Security services: Fiberlink's MaaS360 Mobility Platform
The MaaS360 Mobility Platform service handles remote device updates, such as OS patches.
-
Product Review: Shavlik's NetChk Compliance
Shavlik's NetChk Compliance automates compliance and provides control by actively managing system and security settings and allows the IT manager to identify and mitigate risks.
-
Diverse mobile devices changing security paradigm
-
-
TrueCrypt an open source laptop encryption choice for SMBs
TrueCrypt eases security and privacy concerns. The open source security software encrypts a dedicated space on your hard drive, a partition or the whole disk, as well as removable storage devices.
-
Product Review: GuardianEdge Data Protection Platform
The GuardianEdge Data Protection Platform addresses the challenge of securing data wherever it resides, with centrally managed security on computers, mobile devices and portable storage.
-
Using a managed file transfer for secure data transmission, exchange
Managed file transfer (MFT) products meet the increasing security, compliance and operational demands of data in motion.
-
Security researchers leading way in biometrics, insider threats, encryption and virtualization
Carnegie Mellon University's CyLab is blazing trails in biometrics, insider threats, key exchange, virtualization and more.
-
Product Review: Symark PowerADvantage 1.5
Symark's Symark PowerADvantage allows Unix hosts to become member servers of an AD forest and leverage AD's centralized user management and authentication capabilities.
-
TrueCrypt an open source laptop encryption choice for SMBs
-
Columns
-
Poor development practices lead to continued security problems
Critical systems continue to fail because security specialists haven't established themselves as valuable professionals.
-
Maintaining a strong security program during a recession, layoffs
Learn to maintain security during tough economic times and budget cuts when big corporations such as Merrill lynch, Wachovia and Chase, B of A are doing layoffs.
-
Collaboration with auditors will benefit information security programs
Security professionals should appreciate their relationships with internal auditors, who by pointing out security areas that need improvement, head off failures with external auditors.
-
Interview: Former L0pht hacker and current Grand Idea Studio owner Joe Grand
Known as a hardware security wizard, Grand is now a sought-after trainer and one of the hosts of a new show on Discovery Channel called Prototype This! about building unusual projects on a tight budget and schedule.
-
Poor development practices lead to continued security problems
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...