


September 25, 2017 | IT Service Management
By George Gerchow, IANS Faculty

 Top 5 GRC Solutions to Consider

The market for governance, risk management and compliance (GRC) solutions continues to evolve, but certain vendors consistently work their way to the top of most organizations' short lists. In this Ask-an-Expert written response, IANS Faculty George Gerchow offers his take on five top vendors: LockPath, MetricStream, ZenGRC, RSA Archer and ServiceNow.



September 18, 2017 | Risk Management
By Rich Guida, IANS Faculty

 Infosec Risk Management: How to Focus on the Business Units

Information security professionals spend a lot of time doing risk management, but how do we know what the enterprise’s biggest risks are? How did we determine them? In this webinar, IANS Faculty Rich Guida discusses ways to ensure that business units (and their executive leaders) can be brought to the table and contribute meaningfully in risk identification and ranking, so when you ask for money to mitigate those risks, you have confidence that leadership has bought in to them.



September 18, 2017 | Embedded Systems and Internet of Things
By Chris Poulin, IANS Faculty

 Poulin: The Economics of IoT Fear and Uncertainty

Information- (and now device-) security is an underappreciated field. It’s anti-climactic and difficult to justify the cost of building security in, bolting security on and implementing security controls for the operating environment. But it's up to us in the community to become early adopters and work with the manufacturers to make products as secure as possible for the general public. 



September 14, 2017 | Encryption, Digital Signatures, Certificates, Tokenization
By Dave Shackleford, IANS Faculty

 Apply Blockchain Technology to Enterprise Security

Blockchain has been the focus of many hype cycles of late, and it seems to be making inroads into every technology area under the sun - but how enterprise-ready is it? In this report, IANS Lead Faculty Dave Shackleford examines how the technology works and details its current and future use cases in security.



September 6, 2017 | Risk Management
By Josh More, IANS Faculty

 Avoid the Pitfalls of Using FAIR for Risk Management

FAIR is an effective approach for rating complex, wide-ranging risks, but it has its downsides. In this Ask-an-Expert written response, IANS Faculty Josh More details the pitfalls of using FAIR to manage tactical risks such as vulnerability management and offers tips for ensuring success.



September 6, 2017 | Regulations & Legislation
By George Gerchow, IANS Faculty

 Get Your GDPR Ducks in a Row

Ensuring compliance with the new General Data Protection Regulation (GDPR) can seem like a daunting task, especially with enforcement set to begin in May 2018. In this Ask-an-Expert written response, IANS Faculty George Gerchow details some key steps to take to ensure you have the right people and processes in place by the deadline.



September 5, 2017 | Enterprise and IT Compliance Management
By Dave Shackleford, IANS Faculty

 Get a Handle on FAR Compliance

The new Federal Acquisition Regulation (FAR) requires compliant organizations to implement best practice security within 15 different control areas, but what constitutes full compliance is not completely clear in many cases. In this Ask-an-Expert written response, IANS Lead Faculty Dave Shackleford details the 15 control areas and recommends using NIST 800-171 as a guide. 



August 24, 2017 | Risk Management
By Josh More, IANS Faculty

 Risk-Scoring Firms Aren’t Viable – Yet

A new breed of vendors is attempting to extend the financial/credit risk-scoring model to the information security world, enabling organizations to rate vendors according to their "risk score." In this Ask-an-Expert written response, IANS Faculty Josh More explains why such security risk scores aren't a very viable approach to vendor assessment, at least not yet.



August 18, 2017 | Vulnerability Assessment and Management
By Josh More, IANS Faculty

 Take an Effort-Based Approach to Vulnerability Management

Traditional risk-only based approaches to vulnerability management often lead to conflicts between security and the business, each of which has difficulty understanding the priorities and motivations of the other. In this Ask-an-Expert written response, IANS Faculty Josh More explains how an effort-based approach can side-step such issues, improving security while fostering better relations with the business.
