
Recent Blogs & Podcasts

114 Results for: "Rich Guida"

 



October 2, 2017 | Vendor and Partner Management
By Rich Guida, IANS Faculty

 Weigh the Risk/Benefit of Partnering with Startups

Vetting third-parties that are new, small and innovative is very different from assessing established vendors. In this Ask-an-Expert written response, IANS Faculty Rich Guida explains how to weigh a startup's overall benefits against its security risks, and offers tips for getting the business to mitigate or accept them.



September 18, 2017 | Risk Management
By Rich Guida, IANS Faculty

 Infosec Risk Management: How to Focus on the Business Units

Information security professionals spend a lot of time doing risk management, but how do we know what the enterprise’s biggest risks are? How did we determine them? In this webinar, IANS Faculty Rich Guida discusses ways to ensure that business units (and their executive leaders) can be brought to the table and contribute meaningfully in risk identification and ranking, so when you ask for money to mitigate those risks, you have confidence that leadership has bought in to them.



July 26, 2017 | Password Management
By Rich Guida, IANS Faculty

 Implement a Strong Corporate Password Policy

Creating a corporate password policy can be a very complex challenge, particularly because passwords bring with them some significant enterprise risks. In this Ask-an-Expert written response, IANS Faculty Rich Guida details the standard guidelines for password policies and offers tips for taking them to the next level.



June 22, 2017 | Metrics and Reporting
By Rich Guida, IANS Faculty

 Choose Your Risk Metrics Wisely

We all know we need to measure information security risk appropriately, but what are the best methodologies and metrics to use? In this Ask-an-Expert written response, IANS Faculty Rich Guida explains how to use a risk register to identify critical metrics, and offers tips for gathering relevant data and handling reporting.



June 8, 2017 | Enterprise and IT Compliance Management
By Michael Pinch, IANS Faculty

 5 Tips for Migrating to a New Security Framework

Changing an organization's security program alignment is never an easy task. In this Ask-an-Expert written response, IANS Faculty Mike Pinch offers five key steps to take when migrating to a new security program, with specific guidance for switching to the NIST Cybersecurity Framework. 



April 19, 2017 | Enterprise and IT Compliance Management
By Josh More, IANS Faculty

 Understanding the Australian Regulation’s ‘Two-Person Rule’ Requirement

The Australian Regulation's PPG 234 requires that extremely sensitive IT assets be subject to the "two-person rule," but it doesn't offer much guidance in terms of what it deems "extremely sensitive." In this Ask-an-Expert written response, IANS Faculty Josh More explains the rule and offers some practical advice for complying with it efficiently.



April 7, 2017 | Password Management
By IANS Faculty, IANS Faculty

 Poll: What Are the Best Password Strategies?

Password guidelines seem to change all the time. With new recommendations from NIST and vendors like Microsoft cropping up, how can enterprises determine the best approach? In this Faculty Viewpoint report, IANS Faculty Rich Guida, John Galda, Jason Gillam, Kevin Beaver, Marcus Ranum and Stephen McHenry offer their opinions and some rules of thumb for creating strong, enforceable password policies.



April 5, 2017 | Risk Management
By Rich Guida, IANS Faculty

 Creating an Effective IDAM Governance Committee

Planning an optimal identity and access management (IDAM) strategy requires participation and buy-in from a variety of stakeholders, including HR, legal and more. In this Ask-an-Expert written response, IANS Faculty Rich Guida offers recommendations for creating the right membership, rules and processes for a strong IDAM governance committee.
