Big News: there was an important election at the end of 2008. No, I'm not talking about the presidential election.
The need for a CISO goes away and morphs into the role of the Chief Information Risk Officer reporting to either a Chief Risk Officer or Chief Compliance Officer outside of IT. Security truly becomes embedded in this model and the costs are reduced through consolidation of efforts.
A recent Seattle Times article offers an interesting case study for security professionals. The headline: "After 6 months, drivers ignoring cellphone ban." Can we learn anything from law enforcement's implementation of this new law? I think so.
The only way to mitigate risk associated with business continuity events is to prepare. It's unreasonable to believe events will never happen, that all business processes will continue to operate flawlessly. Planning, training, and continuous improvements to response and recovery efforts comprise the most important difference between a business which successfully moves past an event and one seriously damaged.
The President of the National Association of State Chief Information Officers (NASCIO) was recently featured by Governing Magazine as he made the case for our nation making significant investments in the "invisible infrastructure." Gopal Khanna, who is also the chief information officer for the state of Minnesota, makes a compelling case that includes security components.
Yes, ladies and gentlemen, according to the Institute of Internal Auditors (IIA), "there is no such thing as 'IT Risk'". After closing a semester of teaching web application security, I wanted to share my observations and concerns regarding the understanding of "risk" among the next generation of security professionals.
In this post of the Business Continuity Event Management (BCEM) series, we continue event response and recovery planning with a transition from incident response to recovery operations.
What are you doing about Web 2.0 and formal acceptable use policies? As a blogger from a state known to be a leader in the use of technology in government, I get that question a lot. The answer: quite a bit right now.
Even though I was part of Able Flight, I guess I'll post this since it represents us all. 6931st ESS forever...
I've been a bit too serious lately and it is almost time to wrap up 2008. So here is a new twist on the Twelve Days of Christmas.
Suggestions for new verses are welcome!



