You Can’t Manage What You Can't Measure: Tips to Help You Build an Information Security Measurement Program

There’s a mantra in the business world that says “You can’t manage what you can’t measure,” and no truer words have ever been spoken in information security. Building an information security metrics program is not glamorous, but it is an invaluable way to measure and visualize KPIs (Key Performance Indicators) and improve security across the organization. By presenting the evidence objectively to your selected key stakeholders, you will be able to get your point across regarding risks and areas of improvement, and highlight the company’s achievements in protecting the organization.

Read more on You Can’t Manage What You Can't Measure: Tips to Help You Build an Information Security Measurement Program…

Don’t Know How to Stay on Top of Corporate Security Policy Compliance? Start by Baselining Your Environment

For many IT security professionals, compliance goes way beyond meeting regulatory standards. Increasingly, many companies, particularly those in the financial sector, have taken a harder stance and require compliance with their own stricter corporate security standards and industry best practices to minimize the risk of cyber-attacks. These corporate standards are often updated following a well-publicized security breach, which means that lately there have been a lot of updates.

Read more on Don’t Know How to Stay on Top of Corporate Security Policy Compliance? Start by Baselining Your Environment…

Reaching for Cloud Nine: Tips to Help You Prepare to Launch Business Applications to the Cloud

According to a recent survey, two-thirds of organizations are currently deploying or planning to deploy business applications on a public cloud infrastructure. If your organization is among them, consider this: two-thirds of the organizations we surveyed are struggling to figure out how to extend their security policy across the hybrid environment. It’s a little daunting, right?

Read more on Reaching for Cloud Nine: Tips to Help You Prepare to Launch Business Applications to the Cloud…

Don't Get Lost in Translation: Tips to Understand Your NAT When Managing Firewall Rules

A business owner makes a simple change request in order to allow traffic to a new application. You now need to figure out the right firewall rules to change. This should be pretty simple… but what if you’re using NAT (Network Address Translation) in your environment?

Read more on Don't Get Lost in Translation: Tips to Understand Your NAT When Managing Firewall Rules…

Security is Not Just Technology: 4 Tips to Secure Your Enterprise Without Technology

The recent spate of breaches and outages at leading retailers and financial institutions has placed the spotlight firmly on security at most enterprise organizations.

But while CIOs and CISOs are focused on selecting the right technologies to help detect and contain attacks before they can do any damage, there are a bunch of things you can and should do to harden your security posture that don't directly involve technology. Here are 4 tips:

Read more on Security is Not Just Technology: 4 Tips to Secure Your Enterprise Without Technology…

Look Before You Leap: Tips to Help You Manage Your Security Policy Across a Hybrid Cloud Environment

This situation may sound familiar – your CEO, CIO, or another executive outside of the security organization summons you to a meeting. “We have decided to move [Enter unreasonable number here] of our business applications to the public cloud by [Enter impossible timeframe here],” he announces. “And don’t tell us that security is an issue in the cloud – [Enter name of high-profile competitor here] has already saved millions of dollars by moving to the cloud – so do what you need to do to make sure we are secure”.

Read more on Look Before You Leap: Tips to Help You Manage Your Security Policy Across a Hybrid Cloud Environment…