-
How important is 'risk management?'
Experts Bruce Schneier and Marcus Ranum debate whether risk management is an appropriate strategic direction for information security professionals to follow. Face-off
-
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In this chapter excerpt from "Security Metrics: Replacing Fear, Uncertainty and Doubt," author Andrew Jaquith reveals ways to present security data in a clean and elegant manner. Book Chapter
-
Endpoint Security
Read an excerpt from the book, Endpoint Security. In Chapter 3, "Something is Missing," author Mark S. Kadrich reveals a new way of modeling the network. chapter excerpt
-
Insider Threat Management Guide
In this Insider Threat Management Guide, contributor Gideon Rasmussen reviews how to fortify your organization's current insider threat controls and keep internal dangers to a minimum. Learning Guide
-
Risk management: Data organization and impact analysis
This first article of the Insider Threat Management Guide explains how data organization is the first step in implementing insider threat controls. Learning Guide
-
Risk management audit
This article explores the audit function in the insider threat management process. Learning Guide
-
Risk management: Implementation of baseline controls
This fourth article in the Insider Threat Management Guide examines the implementation of baseline controls. Learning Guide
-
Risk management: Baseline management and control
Identifying baseline controls is the second step to implementing insider threat controls as described in this article from SearchSecurity's Insider Threat Management Guide. Learning Guide
-
Business continuity planning standards and guidelines
An excerpt from Chapter 1: Contingency and Continuity Planning of "Business Continuity and Disaster Recovery for InfoSec Managers," by John W. Rittinghouse and James F. Ransome. Book Chapter
-
Alphabet soup: Understanding standards for risk management and compliance
This article makes sense of the soupy mix of standards by taking a closer look at the various methodologies and frameworks, and examining what each has to offer. Information Security maga
-
Cloud maturity model to help SMBs judge security of cloud providers
CAMM, a new cloud maturity model, may be the key to helping organisations, and especially SMBs, evaluate the security of cloud providers. News | 20 Jan 2012
-
Report on UK cybercrime statistics reveals culprits and responders
PwC’s cybercrime statistics reveal who is most likely to commit cybercrime, and who is the best choice to respond in any organisation. News | 06 Dec 2011
-
Private companies can expect more ICO fines, regulator warns
A regulator warned private companies who do not adequately protect data will face ICO fines up to £500,000. News | 20 Oct 2011
-
UK IT spending by industry: Despite cuts, security spending likely stable
While industries slash IT budgets, information security spending will likely hold steady. News | 22 Sep 2011
-
Bank security on top in consumer information security trust survey
More than half of respondents indicated they trusted financial institutions with their personal data, with students being the most trusting overall. News | 16 Sep 2011
-
ICO issues warning over NHS Data Protection Act breaches
Following five more NHS Data Protection Act violations, the Information Commissioner’s Office will redouble efforts to help NHS improve security. News | 05 Jul 2011
-
Symantec smartphone security comparison offers mixed results
Big Yellow’s new smartphone security comparison paper says iOS and Android devices can be secured, but dual consumer-business use presents risks. News | 01 Jul 2011
-
Security awareness tips: Making programmes more effective
Several information security pros, via LinkedIn, share their best security awareness tips with SearchSecurity.co.UK. News | 22 Jun 2011
-
Risk management key to security budgeting, smartphone security issues
Thoughtful risk management can aid efforts both toward increasing security budgets and locking down smartphones, panels at Infosecurity Europe concurred. News | 19 Apr 2011
-
Open Group launches guide to boost ISO 27005 efforts
A new guide from the Open Group is designed to help organisations meet ISO 27005 standards, but some risk management professionals feel it may not be so effective. News | 29 Mar 2011
-
Incident reporting and employee surveillance laws in other countries
When an organisation has employees abroad, the security team must understand employee surveillance laws and incident reporting requirements. Tip
-
Security policy and international employment laws for hiring overseas
Before opening an office abroad and hiring employees in other countries, learn how to adapt your security policy to international employment laws. Tip
-
Stop phone tracking and GPS data leakage
GPS-enabled smartphones and other GPS devices may leak confidential or sensitive data, making it easy for attackers to target your employees. Tip
-
Getting control of IT security documentation
Does your IT department feel buried under mountains of paperwork? Expert Michael Cobb shows an easy way to organise your IT security documentation. Tip
-
Outsourcing security issues: Managing outsourced software development
Learn the most important outsourcing security issues to cover in partner contracts and SLAs when outsourcing software development. Tip
-
Segregation of duties: Small business best practices
Segregating duties can be tough in organisations that have few staff members and resources. Get duty segregation best practices for SMBs. Tip
-
Managing security during acquisition: A merger integration checklist
Security must be carefully managed before and during an acquisition. Mike Cobb proposes a merger integration checklist for security. Tip
-
RSA Europe 2011: IT security conference coverage
All the news from RSA Europe 2011. Read news, features, tips and blogs from the London-based IT security conference. Tip
-
Internal security audit: The importance of security system assessment
Internal security audits can help keep compliance programs on track, as well as reduce the stress of formal audits. Tip
-
Best practices for audit, log review for IT security investigations
Device logs can be one of the most helpful tools infosec pros have, or they can be a huge waste of space. Tip
-
Are there Web service security standards or risk assessment checklists?
As more organisations integrate business-critical functions with Web services, the security of those services becomes of greater importance. But are there Web service security standards whereby businesses can assess that security? Expert Neil O'Conno... Ask the Expert
-
Getting the most out of the gap analysis process
In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization. Ask the Expert
-
What considerations should be made when outsourcing IT infrastructure?
Expert Peter Wood explains how to investigate a partner's security posture when your IT infrastructure is outsourced. Ask the Expert
-
How can a corporation assess the costs of whole-disk encryption?
Security management pro Mike Rothman explains how an enterprise can estimate the costs of implementing whole-disk encryption. Ask the Expert
-
Protecting consumer data with a fraud and risk assessment policy
In this Q&A, Mike Rothman discusses the risk assessment policies that merchants should practice when handling consumer bank cards. Ask the Expert
-
What types of software can help a company perform a security risk assessment?
Security management expert Mike Rothman unveils what kind of software is on the market to help assist a company in the risk assessment process. Ask the Expert
-
What is the relationship between open port range and overall security risk?
Exposing a large number of well-known ports could be a substantial risk, depending upon their nature. In this expert Q&A, Mike Chapple explains why it may be best to narrow down a port range. Ask the Expert
-
What are the risks associated with outsourcing security services?
In this expert Q&A, security management pro Mike Rothman discusses why outsourcing security services could be a bad idea. Ask the Expert
-
Should all members of a security staff be involved in the risk assessment process?
In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses risk assessment for an enterprise, and explains how all members of the senior security staff should be involved in the process. Ask the Expert
-
Should ISO 17799 play a role in risk assessment?
In this SearchSecurity.com Q&A, security pro Mike Rothman offers advice on the best risk assessment procedures, and discusses whether or not ISO 17799 should be involved in the process. Ask the Expert
-
Risk management in information technology
Get advice on creating a strategy for mitigating information security risk from expert Nick Frost of the Information Security Forum. Video
-
Marcus Ranum on cyberwarfare, infosec careers
At 2009's Information Security Decisions conference, security expert Marcus Ranum sat down to answer some of readers' security questions. Video
-
Building a framework-based compliance program
Richard Mackey of SystemExperts offers expert advice on how to construct a framework that can help enterprises identify their compliance needs. Video
-
IT in Europe: Information Security Edition e-zine
e-zine
About Information Security Risk Assessment: Methodology and Analysis
Get advice and the latest news on enterprise risk management. Browse our resource center to get information on information security risk assessment analysis, methodology, tools, training and tips on how to build a risk assessment policy.