It has been my experience that many groups do a poor job of managing the tools they have. This comment is not directed at managing costs or keeping up with renewals, though that can be a problem as well. Instead it is about how we deploy and employ the tools themselves.So how are we falling

Read More

We all know how important they are, but the fact is that security policies are often the most neglected part of information security programs. IT compliance starts with comprehensive security policies that are issued by an organization to secure its valuable information. Though a time investment, policies can be addressed with little or no cost.

Read More

I attended a security conference recently and it was interesting to hear about the various breaches that companies suffered and how failures in their information security programs lead to those breaches. Following the usual round of Monday morning quarterback type of discussions, I could not help but wonder just how much of what I was

Read More

Despite the prevalence of chief information security officers (CISOs), some larger companies still choose to do business without having one in place. The traditional CISO fulfills a vital role in a company by directing protection of its information technology (IT) assets, and systems, but the individual doesn’t always have to be located on premises. As

Read More