PRO+ Premium Content/Information Security magazine

January 2009

Security steering committees force CISOs to connect with the business

Not long ago, the smart people at Carnegie Mellon University's CyLab security research and education center wrote a report on the disconnect between senior management, boards of directors, and those responsible for information security in the enterprise. The results were disturbing because they pointed out how little oversight executives and board members have over security, and how unaware directors are of security and privacy budgets, roles and responsibilities. Among a long list of recommendations coming out of the CyLab Governance and Enterprise Security report was the need to include IT risk in an enterprise risk management program, segregate responsibility for security oversight away from audit committees, and establish a separate risk committee that assesses enterprise risks, including IT risks. Also tucked away on the list was the suggestion to establish a cross-organizational entity that meets regularly to discuss security and privacy issues and include on that team, among others, legal, finance, HR, public relations, ...

Features in this issue

  • Product Review: Cenzic Hailstorm Enterprise ARC 5.7

    Web application security has moved from a nice-to-have to a must-have requirement for data protection and compliance. Cenzic's Hailstorm, which we last reviewed in 2005, reflects the growth in the depth and maturity of Web application vulnerability assessment software.

  • Product Review: GoldKey Secure USB Token

    The GoldKey Secure USB Token works with Windows and Macintosh operating systems to provide a secure place to stash encryption keys for virtual disks. By keeping encryption keys on a small, removable USB token, GoldKey simplifies the task of locking away important information on laptops and encourages good security behaviors.

  • Product Review: Hedgehog Enterprise 2.2

    Eight years after the release of Microsoft SQL 2000, we're still looking for help from bolt-on security product vendors to harden and protect critical production database servers. Sentrigo's Hedgehog Enterprise 2.2 is designed to monitor and protect against known and unknown database threats.

Columns in this issue