Security Management

Insight and opinion on the world of security management. Visit often for commentary on security industry issues around identity and access management, data protection, advanced authentication, single sign-on and access management, cloud security and more.

September 2008 - Posts

Financial Crisis: Lessons in Risk Management

Published: September 29 2008, 04:00 AM | 6 Comment(s)
by Sumner Blount

The current financial crisis that we face has dominated the headlines recently. Many people on Main Street have asked "how could this have happened to our economy?... who was asleep at the switch?... who was managing this risk?" These are certainly reasonable questions that we all are probably asking, even if only to ourselves. And, with home prices cratering, and the stock market in an occasional free-fall, virtually nobody is exempt from the impact of this crisis. Let's face it - it's a very scary situation for anyone who owns a home, or who has retirement money in the stock market. There are endless debates about what happened, who's at fault, whether we should be bailing them out, and how this will impact...

By: Sumner Blount
Sumner Blount has spent his 25-year career focused on the development and marketing of software products for a range of top-tier enterprise IT firms. Currently, he’s a Director in the Security business unit at CA. Previously he managed the large computer operating system development group at Digital...

Where Security and GRC Intersect: Article in Business Management magazine

Published: September 26 2008, 04:30 AM | no comments
by Sumner Blount

Earlier this year, I wrote an article that was published in Business Management magazine on "The Changing Face of Compliance." The article highlights some of the recent trends in compliance, and their impact on both security controls and overall GRC management. At the time, I was on CA's security team, and I attempt to illustrate in this article the close linkage between security and GRC. You'll find this is a common topic of interest to the contributors here on the CA GRC blog, as well, as we look to shed light on how security issues may impact your GRC initiatives. I hope you find the Business Management article interesting, and welcome your comments.

Lessons Learned from "Personal" Risk Management

Published: September 24 2008, 04:00 AM | 3 Comment(s)
by Christopher Daugherty

Many of you reading this have purchased large ticket items like a home, condo, car, etc. These purchases are somewhat calculated expenditures and typically a large investment of your disposable income. If you are like me, these decisions are made after weighing alternatives while trying to predict future risks. You undoubtedly ask yourself questions like: Will the home or condo appreciate and if so, at what rate? What is the maintenance cost of the dwelling? What repairs are needed and expected outlays? Will the car hold its value, what is the anticipated maintenance, what is the automaker's history for this model, etc...? The truth is, there are many more questions affecting these decisions than we could include here. This process is what I...

By: Christopher Daugherty
Christopher Daugherty has over 14 years of consulting experience focused on technical assessments, ERP implementations, IT infrastructure management, IT governance, and information security. Today he is a Sr. Architect with CA, where he works with Fortune 500 companies to develop solutions involving...

The Challenge of Information Silos

Published: September 23 2008, 05:30 AM | no comments
by Sumner Blount

Many of the large companies that we at CA talk to about their risk and compliance activities have different approaches, with somewhat different challenges that they need to meet. Still, the one common element that virtually all of them have (at least to some degree) is the problem of "information silos." The meaning of this description is fairly obvious - pockets of information spread around the organization which contain either similar, or in some cases, identical data relating to compliance activities. And, of course, when the same information is stored in multiple places, the opportunity for inconsistency is persistent. The reason why this is such a pernicious problem is that the existence of these silos is often invisible...

Does Compliance Equal Security?

Published: September 22 2008, 04:00 AM | no comments
by Mike Hoefgen

In case you are one of the few CIOs or IT managers out there still asking this question, Network World offers up its answer in its "Does compliance equal security?" post in mid-August. While it may be common understanding at this point, it's an important reminder that simply complying with a standard or regulation does not mean your company or information is secure. Pick your favorite authority document from PCI, ISO 27001/27002, and NIST 800-53, to COBIT and the FFIEC IT Handbook. They are all best practices. Implementing them is not a 100% guarantee of security. Yes, they are all great first steps at securing your assets, but they are only first steps. If you have implemented any one of these frameworks within your organization...

By: Mike Hoefgen
Mike Hoefgen has been helping clients solve business problems for over 20 years. Mike is currently a Principal Consultant with CA, Inc working with the Governance business unit and is based in Seattle. Mike holds a Bachelor of Science degree in electrical engineering from the University of Wisconsin...