


February 16, 2018 | Threat Intelligence and Modeling
By Adam Shostack, IANS Faculty

 Comprehensive, Structured and Systematic: Engineering for Security

The hardest part of security is going from random discovery of problems as you create new features to a systematic, comprehensive and structured approach to finding problems early. In this webinar, IANS Faculty Adam Shostack identifies ways to bring security engineering to the very earliest parts of product or service cycles, align with agile practices and reap the benefits that come from such efforts: faster, more predictable and more secure launches.



February 5, 2018 | Vendor and Partner Management
By Aaron Turner, IANS Faculty

 Understand and Manage Offshore Contractor Risk

Using offshore contractors in countries like India presents a host of risks, beyond those faced when working with U.S.-based third parties. In this Ask-an-Expert written response, IANS Faculty Aaron Turner urges companies to focus on both geopolitical and human risk factors when choosing an overseas partner.



February 5, 2018 | Regulations & Legislation
By George Gerchow, IANS Faculty

 5 Practical Steps to GDPR Success

With all the noise, panic and questions about the EU’s new General Data Protection Regulation (GDPR), it’s difficult to discern the right mix of policies, procedures and technologies to ensure compliance. In this webinar, IANS Faculty George Gerchow helps you prioritize the practical steps you can take today – and the tougher steps you can safely put off for tomorrow – to ensure your organization is fully prepared when the ruling comes into full force this May.



February 1, 2018 | Risk Management

 IANS Risk Register Tool (Updated)

Building a Risk Register is a critical undertaking for organizations of all sizes, and there are a number of factors that contribute to its accuracy and success. This tool (updated to include the latest PCI DSS 3.2 requirements) offers a step-by-step guide for identifying risk and harm, calculating exposure and adopting appropriate security controls. 



January 30, 2018 | Enterprise and IT Compliance Management

 IANS General Data Protection Regulation (GDPR) Checklist

With all the noise, panic and questions about the EU’s new General Data Protection Regulation (GDPR), it’s difficult to discern the right mix of policies, procedures and technologies to ensure compliance. This checklist helps prioritize the practical steps you can take today to ensure your organization is fully prepared when the ruling comes into full force this May.



January 10, 2018 | Malware and Advanced Threats
By Aaron Turner, IANS Faculty

 Information Security Trends for 2018

In 2017, we saw some of our most valued controls undermined and witnessed security incidents impacting businesses around the world. What will 2018 bring? In this report and webinar, IANS Faculty Aaron Turner examines the major trends in store for IT security professionals in the coming year. From the new incidents we need to prepare for to the investments we need to make to keep up with attackers' capabilities, we have our work cut out for us.



January 2, 2018 | Security Policies and Strategy
By Aaron Turner, IANS Faculty

 Create a Workable Acceptable Use Policy for Social Media

Creating strong, fair acceptable use policies governing employees' social media usage, especially in this era of BYOD and remote workforces, is fraught with thorny privacy, legal and other issues. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details the importance of combining employee consent with a clear code of conduct.



December 28, 2017 | Privacy
By Rebecca Herold, IANS Faculty

 Benchmark Your Privacy Program Maturity

As privacy becomes increasingly important to regulators, consumers and organizations alike, determining optimal privacy program maturity is critical. In this Ask-an-Expert written response, IANS Faculty Rebecca Herold details the process of benchmarking a program's maturity using the 14 ISACA Privacy Principles and the AICPA/CID Privacy Maturity Model.



December 19, 2017 | Risk Management
By Bruce Bonsall, IANS Faculty

 Get the C-Suite to Own Cyber Risk

The business owns all the business results and therefore owns all the risks, including those that fall under information security. But what's the best way to convince upper management of that? In this Ask-an-Expert written response, IANS Faculty Bruce Bonsall offers several proof points, including a long list of regulatory initiatives that explicitly hold top execs accountable for information security risk.
