Incident Response Plans and Security Breaches
A study released by IBM and the Ponemon Institute found that:
77% of businesses worldwide do not have a consistent incident response plan for data breaches.
These corporations rely solely on informal or department-specific damage-control strategies.
Even more troubling, nearly half of the organizations surveyed characterized their incident…
We’ve all been there. It’s annual budget time and we are told that belts are tightening and we have to cut costs. Where does the finance organization look first for savings and what is their risk tolerance? That’s right… to the functions within the organization that do not contribute directly to the bottom line.
So what’s a security professional to do when you are already operating a lean organization, protecting your company’s assets the best you can, and still being asked to perform better with fewer resources? In this article, Rachelle Loyear discusses a few options for helping you meet the financial pressures of the organization while not going outside of the risk tolerances set by your management team.
Cyber risks are fast-evolving, posing an ever-changing threat to businesses. Five years ago, cyber security risks ranked number 15 among the most important perils. According to the annual Allianz Risk Barometer, cyber security risks are now the second most important peril globally. But some of these risks remain underestimated, and negligence scenarios are also increasing.…
Creating a Culture of Cybersecurity
Even the best-made cybersecurity governance programs cannot predict every situation that should be guided by a principle or policy. At some point, you will have to rely on the employees of your organization to do the right thing. How do you train every employee to do the right thing every time? The answer is you cannot; no amount of training will accomplish this. What you must do is change the culture of cybersecurity over time so that doing the right thing becomes intuitive. Training will help, but it is not the sole answer.
Just a decade ago, as security professionals, we could talk reasonably about physical security and logical security requiring different approaches. Five years ago, we might have found ourselves having conversations about the blurring lines between the two types of security discipline, and could have easily pointed to aspects of both physical and logical security that…