From mobile devices to social media and cloud computing, IT governance is all about risk management. "You can't de-risk everything, but you can de-risk the majority of circumstances you will see in normal operations," says governance expert Robert Stroud.
Auditors find that the SEC's IT office documented and incorporated National Institute of Standards and Technology patch requirements in its policies and procedures but that guidance wasn't always followed.
"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
Looking ahead to the new year, Kristin Lovejoy of IBM says information security organizations face a host of global compliance issues - and the complexity of this challenge may be the biggest task of 2011.
Governance, risk and compliance - GRC - are priorities for information security leaders of all organizations. And these priorities have only been underscored by the economic recession and elevated scrutiny of businesses and government agencies.
Governance, risk and compliance - GRC - are priorities for information security leaders of all organizations. And these priorities have only been underscored by the economic recession and elevated scrutiny of businesses and government agencies.
In an exclusive interview on GRC trends, Chris McClean, analyst with...
The next version of the Payment Card Industry Data Security Standard (PCI DSS), due out some time in 2010, may include guidelines for the use of virtualization technology to protect card data.
This was the prediction of some industry leaders meeting at the Payment Card Industry's Security Standards Council...
The annual BAI Retail Delivery Conference & Expo was held in Orlando, Fl in late November, focusing on innovative strategies and technologies.
Nick Burke, Director of Sales for Information Security Media Group (ISMG), publisher of BankInfoSecurity.com and CUinfoSecurity.com, attended the event, meeting with many of...
Interview with Jennifer Bayuk, Former CISO at Bear Stearns & Co.
Governance is a term increasingly used in financial institutions, as banking/security leaders try to introduce new processes and disciplines to their organizations.
In this exclusive interview, Jennifer Bayuk, an information security specialist...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
