IBM Governance and Risk Management Info Center
Learn how to align business goals and IT investments while reducing the risks and costs of operating a secure, resilient infrastructure. The Governance and Risk Management Information Center offers content on building, managing and enforcing a viable data governance framework.
INFORMATION SECURITY GOVERNANCE from SearchSecurity.com
Understand how best to ensure the tools, people and business processes your organization implements accurately meet your information security needs.
Layer 8
FEATURE - Governance Benefit
Editor's Desk
FEATURE - Making the Grade
On the Job
FEATURE - 12 lessons they don't teach you in security school about being a CISO.

ENTERPRISE RISK MANAGEMENT from SearchSecurity.com
Learn how to most effectively plan, organize, and control your organization's activities to minimize your capital and earnings risk.
Layer 8
FEATURE - Fad or For Real?
Reworking Risk Policy
FEATURE - POLICIES: Whether you manage policies manually or use automated tools, it is imperative to get your policies and systems in sync.
Information security blueprint for architecture and systems
FEATURE - A formalized security architecture diagrams how you should handle the changing threat and regulatory environments.

RISK ASSESSMENT AND ANALYSIS from SearchSecurity.com
Discover strategies to help you define the steps, responsibilities, tools, standards and processes to determine what is and isn't acceptable risk for your organization.
IT security risks dismissed by boards, survey finds
ARTICLE - A Carnegie Mellon University report illustrates the lack of understanding boards of directors have when it comes to cybersecurity risks and their impact on overall business.
Intellectual property protection do's and don'ts
FEATURE - Theft of intellectual property is a growing problem but many companies are not prepared to deal with this security threat. Learn about the risk involved with trade secrets, why companies are failing to protect intellectual ...
Product review: RedSeal Systems' RedSeal Security Risk Manager
FEATURE - RedSeal Security Risk Manager allows security administrators to model and manage threats to corporate assets and networks. This product review looks at how the risk management tool rates in effectiveness, ease of setup, ...

RISK MANAGEMENT METRICS AND MEASURING RISK from SearchSecurity.com
IT security risks dismissed by boards, survey finds
ARTICLE - A Carnegie Mellon University report illustrates the lack of understanding boards of directors have when it comes to cybersecurity risks and their impact on overall business.
Intellectual property protection do's and don'ts
FEATURE - Theft of intellectual property is a growing problem but many companies are not prepared to deal with this security threat. Learn about the risk involved with trade secrets, why companies are failing to protect intellectual ...
Product review: RedSeal Systems' RedSeal Security Risk Manager
FEATURE - RedSeal Security Risk Manager allows security administrators to model and manage threats to corporate assets and networks. This product review looks at how the risk management tool rates in effectiveness, ease of setup, ...

MANAGEMENT SUPPORT FOR INFORMATION SECURITY from SearchSecurity.com
Maintaining a strong security program during a recession, layoffs
FEATURE - Learn to maintain security during tough economic times and budget cuts, when big corporations such as Merrill Lynch, Wachovia, Chase and B of A are doing layoffs.
IT security risks dismissed by boards, survey finds
ARTICLE - A Carnegie Mellon University report illustrates the lack of understanding boards of directors have when it comes to cybersecurity risks and their impact on overall business.
The 100-day plan: Achieving success as a new security manager
TIP - One of the top priorities of any newly minted information security manager is to implement a new enterprise security strategy.

SECURITY AND CORPORATE MERGERS AND ACQUISITIONS from SearchSecurity.com
What are some best practices for handling a merger while getting our counterpart up to speed on PCI?
EXPERT RESPONSE - Learn how to make sure you and your partner are compliant with PCI DSS while you prepare for the merger process.
How the China syndrome doomed 3Com merger deal
ARTICLE - The national security anxieties that caused the collapse of a merger deal between 3Com, Bain Capital and a Chinese company were warranted, most industry experts say.
What are the pros and cons of outsourcing email security services?
EXPERT RESPONSE - In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.

INFORMATION SECURITY LAWS, INVESTIGATIONS AND ETHICS from SearchSecurity.com
After a data breach, what are the legal implications of sharing the details?
EXPERT RESPONSE - After a data breach, it may be helpful to share the highs and lows of the experience with other companies to help prevent similar breaches, but what are the legal implications of this? Learn how to share details without ...
How to create a data security policy to avoid disgruntled employee data leaks
EXPERT RESPONSE - When crafting a data security policy, take into account that disgruntled employees may leak data. Learn how to prevent employee data leakage, and how to handle data loss if it occurs.
Ethical hacking techniques for standard penetration testing
EXPERT RESPONSE - Learn how to form a policy for standard penetration tests including getting written permission. Learn ethical hacking techniques.

INFORMATION SECURITY POLICIES, PROCEDURES AND GUIDELINES from SearchSecurity.com
Does the DoD's ban of USB storage devices mean our enterprise should ban them too?
EXPERT RESPONSE - When creating a portable device security policy, should an organization take into account the policies of the federal government? In this security management expert response, learn what can be helpful to keeping USB devices ...
Perspectives
FEATURE - Conditioned for Success
Layer 8
FEATURE - Control Quagmire

ACCEPTABLE USE POLICY from SearchSecurity.com
Can DHCP be used to selectively block instant messaging clients?
EXPERT RESPONSE - Restricting instant messaging use has been a significant security challenge for organizations, but will DHCP help solidify an IM policy? In this SearchSecurity.com Q&A, Michael Cobb explains which access control mechanisms are ...
Can watching online videos present enterprise security risks?
EXPERT RESPONSE - In this SearchSecurity.com Q&A, security expert Mike Rothman unveils what security risks, if any, are presented by Internet video and radio.
What are the best security practices to consider when developing a corporate blog?
EXPERT RESPONSE - Creating a corporate blog can sensitize your corporation to attacks or information theft. In this SearchSecurity.com Q&A, security expert Mike Rothman unveils the best practices to consider when developing a blog for your ...

CREATING AND MANAGING INFORMATION SECURITY POLICIES from SearchSecurity.com
Security and audit relationships: Uneasy antagonists or partners in arms?
TIP - The relationship between information security pros and auditors can be a rocky one, but there are a few specific steps that can make it smoother.
How to be an Information Security Know-it-all
FEATURE - The essentials every chief information security officer must master, including PCI compliance, server and desktop security, securing the data lifecycle and how to best align security and business.
Collaboration with auditors will benefit information security programs
FEATURE - Security professionals should appreciate their relationships with internal auditors, who, by pointing out security areas that need improvement, head off failures with external auditors.

DEVICE SECURITY POLICY from SearchSecurity.com
What are the options for a mechanical (not electrical) door security system on a server room door?
EXPERT RESPONSE - After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that can secure your server without breaking the bank.
How can organizations secure implanted microchips and RFID tags?
EXPERT RESPONSE - RFID tags and implanted microchips provide excellent tracking technologies, but what security risks do they involve? Security management expert Mike Rothman weighs in.
Finding lost notebooks with 'LoJack for laptops'
EXPERT RESPONSE - LoJack software can be helpful in retrieving stolen laptops, but there may be a better way. Security management expert Mike Rothman explains the pros and cons.

REMOTE ACCESS POLICY from SearchSecurity.com
How to set up a remote access security policy
EXPERT RESPONSE - Interested in setting up a remote access security policy for users? Learn to use IPsec vs. SSL VPN and appropriate systems, applications and authentication methods.
What are the dangers of Web-based remote access systems?
EXPERT RESPONSE - Identity management and access control expert Joel Dubin discusses the security risk associated with using Web-based remote access systems, such as LogMeIn and GoToMyPC.
The dangers of granting system access to a third-party provider
TIP - In this tip, security expert Joel Dubin discusses the potential threats involved with granting access to a third-party provider and examines solutions for avoiding these dangers.

INFORMATION SECURITY STANDARDS from SearchSecurity.com
Layer 8
FEATURE - Security by Numbers
Data Encryption Standard
WORD - Data Encryption Standard (DES) is a widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. ...

ISO 17799 from SearchSecurity.com
Security survey finds increase in security standards adoption
ARTICLE - Ernst & Young's 2008 Global Information Security Survey finds both positive and negative trends in information security depending on how you look at the numbers.
Is the Trusted Computer System Evaluation Criteria (TCSEC) still relevant for assessing security controls?
EXPERT RESPONSE - Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information ...
GRC: Over-Hyped or Legit?
FEATURE - Governance, risk and compliance (GRC) is being used as a catch-all phrase for most information security strategies and tagged onto various products, adding even more confusion in the market as to what it truly means or ...

COBIT from SearchSecurity.com
Security survey finds increase in security standards adoption
ARTICLE - Ernst & Young's 2008 Global Information Security Survey finds both positive and negative trends in information security depending on how you look at the numbers.
Is the Trusted Computer System Evaluation Criteria (TCSEC) still relevant for assessing security controls?
EXPERT RESPONSE - Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information ...
GRC: Over-Hyped or Legit?
FEATURE - Governance, risk and compliance (GRC) is being used as a catch-all phrase for most information security strategies and tagged onto various products, adding even more confusion in the market as to what it truly means or ...

SECURITY AUDIT from SearchSecurity.com
Security and audit relationships: Uneasy antagonists or partners in arms?
TIP - The relationship between information security pros and auditors can be a rocky one, but there are a few specific steps that can make it smoother.
Collaboration with auditors will benefit information security programs
FEATURE - Security professionals should appreciate their relationships with internal auditors, who, by pointing out security areas that need improvement, head off failures with external auditors.
Cybersecurity expert sees PCI DSS problems ahead for retailers
Q&A INTERVIEW - Some systems will have to be replaced over the next several years, costing big-box retailers millions of dollars to become compliant with PCI DSS.

SECURITY MANAGEMENT from SearchSecurity.com
On The Radar
FEATURE - Help from the Government
In MSSPs We Trust
FEATURE - Regulatory and cost-cutting pressures are forcing enterprises to reexamine the value of managed security services.
Warning Lights
FEATURE - Evolving risk dashboards will tell how secure you are and when something's wrong.

DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING from SearchSecurity.com
Perspectives
FEATURE - Pandemic Pitfalls
Don't Wait for Disaster