IBM Governance and Risk Management Info Center
Learn how to align business goals and IT investments while reducing the risks and costs of operating a secure, resilient infrastructure. The Governance and Risk Management Information Center offers content on building, managing and enforcing a viable data governance framework.
INFORMATION SECURITY GOVERNANCE from SearchSecurity.com
Understand how best to ensure the tools, people and business processes your organization implements accurately meet your information security needs.
Layer 8
FEATURE - Governance Benefit
Editor's Desk
FEATURE - Making the Grade
On the Job
FEATURE - 12 lessons they don't teach you in security school about being a CISO.

ENTERPRISE RISK MANAGEMENT from SearchSecurity.com
Learn how to most effectively plan, organize, and control your organization's activities to minimize your capital and earnings risk.
Layer 8
FEATURE - Fad or For Real?
Reworking Risk Policy
FEATURE - POLICIES Whether you manage policies manually or use automated tools, it is imperative to get your policies and systems in sync.
Security Blueprint
FEATURE - A formalized security architecture diagrams how you should handle the changing threat and regulatory environments.

RISK ASSESSMENT AND ANALYSIS from SearchSecurity.com
Discover strategies to help you define the steps, responsibilities, tools, standards, and processes, to determine what is and isn't acceptable risk for your organization.
What role does information security play in enterprise fraud-prevention activities?
EXPERT RESPONSE - When an enterprise is worried about fraud, where does the information security team step in? Security management expert Mike Rothman explains the role information security plays in enterprise fraud-prevention activities.
Data risks take shine off Google Chrome
ARTICLE - The Chrome Web browser is a platform for Google Apps and as end users adopt Chrome, companies could lose control of sensitive corporate data.
PCI is about eliminating data, not securing it, former QSA says
ARTICLE - Former QSA turned Forrester analyst John Kindervag calls PCI a "communicable disease." Anything introduced to the network is in PCI scope if credit card systems aren't segmented.

RISK MANAGEMENT METRICS AND MEASURING RISK from SearchSecurity.com
Consensus Controls project aims to set benchmarks for compliance
ARTICLE - The Consensus Controls project aims to provide organizations with a peer review system for IT controls.
CIS takes the measure of information security
ARTICLE - The Center for Internet Security has released eight security metrics companies can use to measure their security programs and it plans to expand its list over the next year.
Security of customer data, IP sustains security budgets
ARTICLE - Protecting customer data, corporate intellectual property and other sensitive internal data remains a priority in many corporate board rooms, a Forrester Research survey finds.

MANAGEMENT SUPPORT FOR INFORMATION SECURITY from SearchSecurity.com
IT security not valued at many firms, study finds
ARTICLE - A study conducted by research firm IDC found that IT security is seen as an obstacle to business innovation.
How to get information security buy-in from the executive team
TIP - When pitching security to the big bosses, it's important to brush up on public-speaking skills and lay out the case in advance. Mike Rothman gives his recommendations.
What are the prerequisites for implementing single sign-on (SSO) in an organization?
EXPERT RESPONSE - Implementing single sign-on (SSO) in an enterprise involves many security considerations, and there are no universal protocols. Identity access management expert Joel Dubin gives his advice on implementation.

SECURITY AND CORPORATE MERGERS AND ACQUISITIONS from SearchSecurity.com
How the China syndrome doomed 3Com merger deal
ARTICLE - The national security anxieties that caused the collapse of a merger deal between 3Com, Bain Capital and a Chinese company were warranted, most industry experts say.
What are the pros and cons of outsourcing email security services?
EXPERT RESPONSE - In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.
Cisco users upbeat about security direction
ARTICLE - Cisco customers say the vendor's security strategy is headed in the right direction, which is why they believe the networking giant's IronPort integration will be smooth sailing.

INFORMATION SECURITY LAWS, INVESTIGATIONS AND ETHICS from SearchSecurity.com
Anti-cybercrime legislation sent to president
ARTICLE - New legal provisions tackle botnets and give law enforcement more tools to fight online crime.
DHS should lose cybersecurity authority, experts say
ARTICLE - A group of security and policy experts told a House subcommittee Tuesday that cybersecurity should move from DHS to the White House.
Security Certifications' Ethics Programs Merely Window-Dressing
FEATURE - Professional information security organizations' efforts to improve their ethics programs only dress up an ugly situation.

INFORMATION SECURITY POLICIES, PROCEDURES AND GUIDELINES from SearchSecurity.com
Perspectives
FEATURE - Conditioned for Success
Layer 8
FEATURE - Control Quagmire
Perspectives
FEATURE - Page Through This Library

ACCEPTABLE USE POLICY from SearchSecurity.com
Can DHCP be used to selectively block instant messaging clients?
EXPERT RESPONSE - Restricting instant messaging use has been a significant security challenge for organizations, but will DHCP help solidify an IM policy? In this SearchSecurity.com Q&A, Michael Cobb explains which access control mechanisms are ...
Can watching online videos present enterprise security risks?
EXPERT RESPONSE - In this SearchSecurity.com Q&A, security expert Mike Rothman unveils what security risks, if any, are presented by Internet video and radio.
What are the best security practices to consider when developing a corporate blog?
EXPERT RESPONSE - Creating a corporate blog can expose your corporation to attacks or information theft. In this SearchSecurity.com Q&A, security expert Mike Rothman unveils the best practices to consider when developing a blog for your ...

CREATING AND MANAGING INFORMATION SECURITY POLICIES from SearchSecurity.com
IT security not valued at many firms, study finds
ARTICLE - A study conducted by research firm IDC found that IT security is seen as an obstacle to business innovation.
IAM best practices for employees with varying degrees of access to the same computer
EXPERT RESPONSE - Protecting access to a single PC with multiple users can be a daunting task, but there are some security best practices to consider.
Sound compliance policies, practices reduce legal costs
ARTICLE - Results of a recent survey show that if large enterprises adhere to compliance best practices, they can significantly trim what they spend on legal fees.

DEVICE SECURITY POLICY from SearchSecurity.com
How can organizations secure implanted microchips and RFID tags?
EXPERT RESPONSE - RFID tags and implanted microchips provide excellent tracking technologies, but what security risks do they involve? Security management expert Mike Rothman weighs in.
Finding lost notebooks with 'LoJack for laptops'
EXPERT RESPONSE - LoJack software can be helpful in retrieving stolen laptops, but there may be a better way. Security management expert Mike Rothman explains the pros and cons.
iPhone security in the enterprise: Mitigating the risks
TIP - In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular devices infiltrate the enterprise.

REMOTE ACCESS POLICY from SearchSecurity.com
What are the dangers of Web-based remote access systems?
EXPERT RESPONSE - Identity management and access control expert Joel Dubin discusses the security risk associated with using Web-based remote access systems, such as LogMeIn and GoToMyPC.
The dangers of granting system access to a third-party provider
TIP - In this tip, security expert Joel Dubin discusses the potential threats involved with granting access to a third-party provider and examines solutions for avoiding these dangers.
What are the potential risks of giving remote access to a third-party service provider?
EXPERT RESPONSE - In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin discusses the potential risks involved with providing remote access to a third-party service provider.

INFORMATION SECURITY STANDARDS from SearchSecurity.com
Layer 8
FEATURE - Security by Numbers
Data Encryption Standard
WORD - Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted from export to other countries. ...

ISO 17799 from SearchSecurity.com
Is the Trusted Computer System Evaluation Criteria (TCSEC) still relevant for assessing security controls?
EXPERT RESPONSE - Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information ...
GRC: Over-Hyped or Legit?
FEATURE - Governance, risk and compliance (GRC) is being used as a catch-all phrase for most information security strategies and tagged onto various products, adding even more confusion in the market as to what it truly means or ...
Mix of Frameworks and GRC Satisfy Compliance Overlaps
FEATURE - Three organizations reveal how they use a combination of frameworks such as COBIT or ISO 27001 along with GRC tools to satisfy overlapping industry and federal regulatory demands.

COBIT from SearchSecurity.com
Is the Trusted Computer System Evaluation Criteria (TCSEC) still relevant for assessing security controls?
EXPERT RESPONSE - Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information ...
GRC: Over-Hyped or Legit?
FEATURE - Governance, risk and compliance (GRC) is being used as a catch-all phrase for most information security strategies and tagged onto various products, adding even more confusion in the market as to what it truly means or ...
Mix of Frameworks and GRC Satisfy Compliance Overlaps
FEATURE - Three organizations reveal how they use a combination of frameworks such as COBIT or ISO 27001 along with GRC tools to satisfy overlapping industry and federal regulatory demands.

SECURITY AUDIT from SearchSecurity.com
Screencast: How to use Nipper to create network security reports
TIP - Peter Giannoulis of The Academy.ca demonstrates how to use Nipper, a free, open source network infrastructure parser tool.
What's the latest on efforts to develop a common logging and audit standard?
EXPERT RESPONSE - As many people believe a common logging and audit standard is imminent, what steps are being taken to create one? Identity and access management expert Joel Dubin gives his thoughts.
Version 1.2 of Payment Card Industry (PCI) Data Security Standard answers questions, raises others
TIP - Clarifications to terminology and requirements are coming in PCI DSS version 1.2. Diana Kelley details the changes in version 1.2 and what they will mean for your organization.

SECURITY MANAGEMENT from SearchSecurity.com
On The Radar
FEATURE - Help from the Government
In MSSPs We Trust
FEATURE - Regulatory and cost-cutting pressures are forcing enterprises to reexamine the value of managed security services.
Warning Lights
FEATURE - Evolving risk dashboards will tell how secure you are and when something's wrong.

DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING from SearchSecurity.com
Perspectives
FEATURE - Pandemic Pitfalls
Don't Wait for Disaster
FEATURE - Security managers are covering their bases to curb the effects of an avian flu pandemic. We look at what some are doing.