Tue, January 31, 2012 - Michael Santarcangelo explains that by evading difficult issues, we actually increase our risk

Wed, November 30, 2011 - Security looks at operational risk, but most big companies have officers called risk managers who actually buy insurance policies for the company. What's on their minds? If you run a security operation, you should know, because your work and their work are intertwined.

Mon, November 07, 2011 - It's probably no big surprise to any of you, but the effectiveness of your organization's risk-management endeavors is directly related to your ability to navigate the quagmire known as corporate politics.

Tue, November 01, 2011 - Akamai Technologies CSO Andy Ellis talks about some of the things organizations need to consider in order to better manage risk.

Fri, October 28, 2011 - Woodforest National Bank implements a replication system for its virtualized data center in the Gulf Coast

Wed, October 05, 2011 - Even in the face of costly and embarrassing corporate security breaches, one in four companies fails to conduct any IT risk assessment. And 42% say there are areas of their information technology audit plans that cannot be addressed because of a lack of resources and expertise.

Tue, August 30, 2011 - The development of the world's largest single-file name data repository could help predict weather and prevent overhyping of hurricanes like Irene.

Tue, August 30, 2011 - I thought we could examine a recent theme in a little more detail this month: the challenges of dealing with the consumerization of IT devices in the workplace. We recently completed a study, in partnership with Symantec, that looked at the security and compliance risks of a mobile workforce. It affirmed what I've believed for a long time, namely, that there is a consensus that mobile workers pose a great risk and that, for the most part, businesses are not prepared to mitigate that risk.

Mon, August 22, 2011 - Why Portland General Electric deployed Security Information and Event Management (SIEM) technology and what they've been able to accomplish as a result.

Fri, August 19, 2011 - Recent cases of IT workers who turn against their companies and destructively shut down networks for days provide lessons for how businesses can work to prevent similar attacks.

Mon, July 18, 2011 - I've been an architect on some complex applications and I have a significant concern about assessing architectural risk for public/private cloud applications. Traditional risk assessments focus on external/internal access to confidential information like social security numbers, credit card number, and for banks PINs for the ATMs. Access controls and network protection are high priorities because they suppress the risk.

Thu, June 23, 2011 - The role of the corporate finance department is moving more deeply into the areas of financial risk management, performance management, and enhanced nonfinancial and statistical reporting, according to new survey titled the "Finance Capabilities and Needs Survey." That is in addition to the better-understood missions that involved dealing with numerous changes in accounting regulations.

Mon, June 13, 2011 - Last year, administrators in the City of Winter Park, Fla., realized they had a serious compliance risk in their police department. The FBI's Criminal Justice Information Services Division has regulations that call for tight access controls for records. However, many officers share workstations and, therefore, also share passwords. The solution, they realized, was to deploy fingerprint scanners that would enable individual authentication.

Tue, June 07, 2011 - IT outsourcing is on the rise and for good reason. There are notable benefits associated with it such as gaining greater flexibility in meeting customer demands regionally or nationally, changing fixed costs to variable costs, extending expertise beyond internal resources, improving risk management and so on.