Quiz: Building a compliance scorecard
How much have you learned about building a compliance scorecard? Find out with this short quiz. Quiz
-
The New School of Information Security
In this chapter excerpt from "The New School of Information Security," authors Adam Shostack and Andrew Stewart explain why the use and abuse of security language calls for a fresh and innovative way of thinking. Book Chapter
-
Quiz: Building a risk-based compliance program
A five-question multiple-choice quiz to test your understanding of Richard Mackey's Compliance School lesson. Quiz
-
Quiz: Developing a risk-based compliance program
A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School. Quiz
-
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In this chapter excerpt from "Security Metrics: Replacing Fear, Uncertainty and Doubt," author Andrew Jaquith reveals ways to present security data in a clean and elegant manner. Book Chapter
-
Endpoint Security
Read an excerpt from the book, Endpoint Security. In Chapter 3, "Something is Missing," author Mark S. Kadrich reveals a new way of modeling the network. Book Chapter
-
Risk management: Data organization and impact analysis
This first article of the Insider Threat Management Guide explains why data organization is the first step in implementing insider threat controls. Learning Guide
- See More: Essential Knowledge on Enterprise Risk Management: Metrics and Assessments
-
Geer: More redundancy, manual processes can cut IT infrastructure risk
Luminary Dan Geer says IT infrastructure risk can be reduced by boosting Internet resiliency and by planning backup processes should the Net go down. News | 19 Apr 2012
-
Industry is doomed by automation, misguided IT security strategy, experts warn
Blunt experts at InfoSec World said enterprise IT security strategy often misses the mark, but some attendees suggested the experts are out of touch. News | 04 Apr 2012
-
How to manage the compliance cycle to improve your compliance strategy
Too often, organizations jam all their compliance tasks into the quarter when the audit is due. Read advice for reducing compliance fatigue. News | 06 Mar 2012
-
More than hype: Security big data helps bank to boost security program
At RSA Conference 2012, Zions Bancorporation detailed how it harvested security big data using a Hadoop-based security data warehouse. News | 01 Mar 2012
-
Can SMBs sue their bank and recover losses from a hacked bank account?
RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets. News | 01 Mar 2012
-
Longstanding network security problems plague enterprises, Trustwave finds
While organizations focus on mobile security and other emerging threats, an analysis of more than 2,000 penetration tests conducted by Trustwave found older threats often overlooked. News | 07 Feb 2012
-
Developing IT risk management decision-making criteria an ongoing challenge
Even the most mature organizations are using multiple risk-management frameworks and various processes to make risk-based decisions. News | 04 Oct 2011
-
Top five themes from Gartner Security Summit 2011
Eric B. Parizo discusses the top themes from the 2011 Gartner Security & Risk Management Summit, including the rediscovery of enterprise risk management. Column | 23 Jun 2011
-
Forrester: The simple, two-year plan for security program maturity
Forrester analyst Khalid Kark said a good information security program starts with a risk assessment. Article | 17 Sep 2010
-
IBM to acquire OpenPages for GRC, operational risk management
OpenPages will be integrated with IBM's business analytics software portfolio. Article | 15 Sep 2010
- See More: News on Enterprise Risk Management: Metrics and Assessments
-
How to implement an enterprise threat assessment methodology
Learn how incorporating an assessment of external threats can increase the accuracy and comprehensiveness of risk assessments. Tip
-
Building a compliance culture means learning from mistakes
In this bonus to our "Compliance scorecard" Security School lesson, Eric Holmquist covers the importance of learning from failure by assessing how and why mistakes happen. Tip
-
How to write an effective enterprise mobile device security policy
Expert Lisa Phifer explains the process for creating a winning enterprise mobile device security policy that reduces the risk of mobile data threats. Tip
-
Remediating IT vulnerabilities: Quick hits for risk prioritization
There's no way to eradicate all IT vulnerabilities, but spotting the most critical ones is essential. Read these quick hits for risk prioritization. Tip
-
Forrester: Developing an enterprise risk assessment template
Despite skeptics, an enterprise risk assessment template is worth investing in. Forrester’s Chris McClean explains why and how to get started. Tip
-
Defining enterprise security best practices for self-provisioned technology
Is your current enterprise security policy ready for mobile and cloud computing technology? Probably not, but it can be: Forrester's Chenxi Wang explains how. Tip
-
Understanding SCAP NIST guidance and using SCAP tools to automate security
The Security Content Automation Protocol (SCAP) is intended to help automate vulnerability management, but is it really effective? Learn how NIST guidance can help you navigate an SCAP implementation. Tip
-
Creating a compliance culture to boost infosec compliance and risk management
Creating a culture of compliance takes time, but expert Eric Holmquist offers five time-tested tactics to help break down cultural barriers to improve information security risk and compliance management. Tip
-
Linux security best practices for Linux server systems
Linux servers are used throughout many enterprises, and their security posture shouldn't be overlooked. In this tip, King Ables discusses risk assessment pointers for Linux server systems. Tip
-
SOC 2.0: Three key steps toward the next-generation security operations center
According to Forrester Research, traditional security operations are no longer practical. Forrester's John Kindervag discusses the new model, SOC 2.0, why it's important, and how to make it happen. Tip
- See More: Tips on Enterprise Risk Management: Metrics and Assessments
-
Network security metrics: Basic network security controls assessment
Get advice on how to devise appropriate network security metrics for your enterprise from expert Mike Chapple. Answer
-
How to protect intellectual property from hacker theft
More hackers are targeting corporate IP over SSNs and card data. Expert Nick Lewis explains how to protect intellectual property in the enterprise. Answer
-
Merger management: How to handle potential merger threats to security
During a merger, management of information security becomes even more crucial in order to mitigate threats, including the many new insiders and attentive attackers that want to take advantage of holes in the companies' infosec integration. Ask the Expert
-
Perform a Windows Active Directory security configuration assessment
How secure is your configuration of Active Directory? Learn how to perform a security configuration assessment on such a directory in this expert response. Ask the Expert
-
Creating a security risk management plan format
Enterprises without a codified risk management plan are much more susceptible to threats. In this expert response from Ernie Hayden, learn how to create a risk management plan that covers all the bases. Ask the Expert
-
How to determine the net value of an asset for risk impact analysis
Asset valuation and impact analysis are two different but equally important aspects of risk analysis. Expert Ernie Hayden explains. Ask the Expert
-
Gap analysis methodology for IT security and compliance
If your enterprise is faced with multiple-standard compliance, having a set gap analysis methodology can save a lot of time and effort. Learn more in this expert response from Ernie Hayden. Ask the Expert
-
Risk prioritization: DLP for data loss or laptop full disk encryption?
With a limited IT security budget, it's often necessary to undergo risk prioritization and make difficult choices. In this expert response, Ernie Hayden discusses whether it's better to deploy a DLP tool for data loss or laptop full disk encryption. Ask the Expert
-
Electronic access control system and biometrics authentication
Biometrics authentication and an electronic access control system can be closely related, but they're not the same thing. In this IAM expert response, Randall Gamby explains the difference. Ask the Expert
-
How to perform an enterprise risk analysis
Some IT security best practices might not be right for your enterprise. In this expert response, learn how to perform an enterprise risk assessment and analysis to determine which of your resources are at risk and how to protect them. Ask the Expert
- See More: Expert Advice on Enterprise Risk Management: Metrics and Assessments
-
Exploit Intelligence Project: Rethinking information security threat analysis
Information security threat analysis is fundamentally flawed, said Dan Guido of iSEC Partners. He says the Exploit Intelligence Project hopes to change that. Video
-
Gartner Security Summit attendees on IT security, government issues
When managing IT security, government infosec pros face unique risks. Check out these Q&As from the 2011 Gartner Security & Risk Management Summit. Video
-
Jim Lewis on cyberwarfare, secure infrastructure collaboration
In this video, the director of the Center for Strategic and International Studies discusses cyberwar and the need for collaborative infrastructure protection. Video
-
CISO interview: Choosing enterprise risk management policy
In this video interview from RSA Conference 2011, CISO Scott Sysol discusses his organization's enterprise risk management policy on various emerging technologies. Video
-
The future of hacking: Dealing with the underground economy
How is the underground economy evolving, and what can security practitioners do to anticipate and respond to future threats? In this Face-off video, Hugh Thompson and Adam Shostack discuss the best options. Video
-
Face-off: Information security management metrics
Are metrics useful, or do they just distract security pros from the real issues at hand? In this video, Hugh Thompson and Adam Shostack discuss the necessity of metrics. Video
-
Security risk factors: Business partner security and pandemic planning
In this exclusive interview, Sara Santarelli gives tips on how to deal with the risks posed by business partners and possible pandemics, and how to assess your enterprise's exposure to these risks. Video
-
Schneier-Ranum face-off part 5: Security metrics
In part 5 of this face-off series, filmed at ISD 09, Bruce Schneier and Marcus Ranum give their takes on the most (and least) effective security metrics. Video
-
How to detect and respond to money laundering
Money laundering, by its very nature, is difficult to detect, but expert Eric Holmquist gives advice on how to spot it and how to respond. Video
-
Countdown: Top 5 most important questions to ask endpoint security vendors
After the endpoint security assessment is over and it's time to go talk to vendors, how can you tell the difference between a song and a dance, and what can you truly expect out of a product? Podcast
- See More: Multimedia on Enterprise Risk Management: Metrics and Assessments
About Enterprise Risk Management: Metrics and Assessments
Get the help you need with your enterprise risk assessments, analysis and management framework. Learn the steps, assign roles and responsibilities, find the right tools, make use of standards and automate the process, plus decide what is and isn't acceptable risk.