Far too often the relationship between auditors and their boards is not as effective as we might hope. What makes the difference? Here is some advice based on my recent conversations.
Earlier this month, I had the chance to attend RSA Conference 2012, which always reminds me how fluid our industry is, and how important it is to stay educated and abreast of change.
What skills are needed to be an effective fraud examiner? My short answer is that, as with any discipline, there are certain skills and areas of knowledge one needs to learn to be successful.
How can companies and IT security leaders keep a security breach from becoming a long-term problem and stop it from negatively affecting their customer base?
IT security leaders rely on penetration testing to determine whether applications are secure. But penetration tests can't be a primary source of assurance, says Jeff Williams, co-founder of OWASP.
While organizations need to make investments in data protection and storage, it's crucial that they first get a real handle on classifying their data before allocating resources in the wrong places.
An analysis of many recent studies suggests that over 80 percent of applications contain simple vulnerabilities. Here are five tips that developers can leverage to secure their code.
Enforcement and class actions are what the year 2011 will be remembered for in privacy. So, how can pros prepare for the inevitability of a litigious and increased-enforcement environment?
Moving into 2012, IT risk professionals will need to develop deep areas of subject-matter expertise. Here are some areas of increasing importance for your organization - and your career.
After reviewing the results of the IIA's new Emerging Trends and Leading Practices survey, we must ask ourselves, "Are we doing our absolute best to meet our stakeholders' needs?"
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
It seems to just be "understood" that if you're accepting favors you're doing so because the vendor expects to influence you and that you've compromised yourself if you start down that path. During the course of my career, I've seen only a couple of incidents of this type.
Careful coordination is needed: Are we duplicating services? Worse, are there risks that fall between the cracks, into the gray areas on the borders of our separate assurance functions?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.