Comments for IT Policy Compliance http://www.itpolicycompliance.com Tue, 14 Feb 2012 09:03:48 +0000 hourly 1 http://wordpress.org/?v=3.2.1 Comment on Data Driven Reporting and Communications about IT by CISOs: Make the Most of Your Time in the Boardroom | In Defense of Data http://www.itpolicycompliance.com/research-reports/data-driven-reporting-and-communications-about-it/#comment-40 CISOs: Make the Most of Your Time in the Boardroom | In Defense of Data Tue, 14 Feb 2012 09:03:48 +0000 http://www.itpolicycompliance.com/?p=1276#comment-40 [...] only have five to eight minutes of time to present in Board of Director meetings, according to the latest research from the IT Policy Compliance Group. How CISOs use this time will often determine if they get the [...] [...] only have five to eight minutes of time to present in Board of Director meetings, according to the latest research from the IT Policy Compliance Group. How CISOs use this time will often determine if they get the [...]

]]> Comment on Managing the Benefits and Risks of Cloud Computing by Quest CEO Blog | Prosperity in 2012: Best-performing organizations use cloud computing http://www.itpolicycompliance.com/research-reports/managing-the-benefits-and-risks-of-cloud-computing/#comment-33 Quest CEO Blog | Prosperity in 2012: Best-performing organizations use cloud computing Tue, 03 Jan 2012 17:14:23 +0000 http://wp6.techniquedev.com/?p=815#comment-33 [...] *Source: IT Policy Compliance Group, Managing the Benefits and Risks of Cloud Computing, http://www.itpolicycompliance.com/research-reports/managing-the-benefits-and-risks-of-cloud-computin... [...] [...] *Source: IT Policy Compliance Group, Managing the Benefits and Risks of Cloud Computing, http://www.itpolicycompliance.com/research-reports/managing-the-benefits-and-risks-of-cloud-computin... [...]

]]> Comment on IT Policies and Controls: Which Matter? by Sharleen Stiggers http://www.itpolicycompliance.com/blog/it-policies-and-controls-which-matter/#comment-12 Sharleen Stiggers Wed, 16 Feb 2011 20:42:30 +0000 http://itpcg.wordpress.com/?p=307#comment-12 I was sitting on twitter trying to find something to cure my boredom - and KABOOM - somebody I follow tweeted this post. Now, I am not quite as bored. Thanks for posting good material I was sitting on twitter trying to find something to cure my boredom – and KABOOM – somebody I follow tweeted this post. Now, I am not quite as bored. Thanks for posting good material

]]> Comment on Legal discovery: Beyond the lawyer jokes by Eagan Attorney Minnesota http://www.itpolicycompliance.com/blog/legal-discovery-beyond-the-lawyer-jokes/#comment-4 Eagan Attorney Minnesota Sun, 30 Jan 2011 01:39:17 +0000 http://itpcg.wordpress.com/?p=31#comment-4 I must say, you have a very wonderful site. You have a extraordinary understanding of this area and articulate it very well. I must say, you have a very wonderful site. You have a extraordinary understanding of this area and articulate it very well.

]]> Comment on Who’s Spying on You, and What They Know by Financial Application http://www.itpolicycompliance.com/blog/who%e2%80%99s-spying-on-you-and-what-they-know/#comment-10 Financial Application Wed, 05 Jan 2011 09:50:45 +0000 http://itpcg.wordpress.com/?p=177#comment-10 Excellent post!! Very informative and easy to understand. Looking for more such posts!! Excellent post!! Very informative and easy to understand. Looking for more such posts!!

]]> Comment on Who’s Got Your Information — Today! by Medical Videolar http://www.itpolicycompliance.com/blog/who%e2%80%99s-got-your-information-%e2%80%94-today/#comment-11 Medical Videolar Thu, 30 Dec 2010 12:09:38 +0000 http://itpcg.wordpress.com/?p=210#comment-11 Hello. have a nice share. Thank you. was useful to me. Hello. have a nice share. Thank you. was useful to me.

]]> Comment on Who’s Spying on You, and What They Know by Coby Montoya http://www.itpolicycompliance.com/blog/who%e2%80%99s-spying-on-you-and-what-they-know/#comment-9 Coby Montoya Tue, 21 Dec 2010 14:08:54 +0000 http://itpcg.wordpress.com/?p=177#comment-9 Device finger printing is nothing more than profiling attribs which has existed for a long time in many forms. If a guy repeatedly goes into a brick & mortar store and steals from it and he is always wearing a green shirt, a red baseball cap and white sneakers and is caught on camera, than each person wearing the same thing is going to be profiled as a risk. Thats all device finger printing is. A profile of what a device looks like. Profiles of devices that initiate fraud are tracked but these profiles are easily changed and have a certain shelf life. Considering these PII would be like considering a pair of the shoes your wearing that have a stain on the front toe PII. If I go into a store I am probably the only customer wearing white Adidas that have a smudge in the exact spot my shoes have a smudge on. That does not mean when I enter that store I will be wearing the same shoes or the smudge will even be there any longer. Device finger printing is nothing more than profiling attribs which has existed for a long time in many forms. If a guy repeatedly goes into a brick & mortar store and steals from it and he is always wearing a green shirt, a red baseball cap and white sneakers and is caught on camera, than each person wearing the same thing is going to be profiled as a risk. Thats all device finger printing is. A profile of what a device looks like. Profiles of devices that initiate fraud are tracked but these profiles are easily changed and have a certain shelf life. Considering these PII would be like considering a pair of the shoes your wearing that have a stain on the front toe PII. If I go into a store I am probably the only customer wearing white Adidas that have a smudge in the exact spot my shoes have a smudge on. That does not mean when I enter that store I will be wearing the same shoes or the smudge will even be there any longer.

]]> Comment on Who’s sets objectives: Legal, Business lines or IT? by Stephen http://www.itpolicycompliance.com/blog/whos-sets-objectives-legal-business-lines-or-it/#comment-8 Stephen Wed, 26 May 2010 21:32:25 +0000 http://itpcg.wordpress.com/?p=80#comment-8 Gentlemen, with all due respect, none of the options are near appropriate. Keep in mind that when a data breach is identified and the alarms have gone off, it is the financial and security executives who feel the most pain (when the digital dust settles). They are the ones who have to pick up the forensic mess of Who? What? Where? When? How do we determine the cost of loss? This is where the CFO and Senior Security Officer of any SaaS operation are held accountable. And, the fall back question is beginning to point to the liability "elephant-in-the-room". How much did this cost us? Another issue: Should we have purchased data (breach) insurance? SLA's don't cut it anymore. Eventually the stakeholder's and collective objectives you mention do have a say as to IT policy, but the cost of loss is always where the decision buck stops...where data liability and the end result meet. IT policy should include the Chief Financial (insurance) Officer, because he is who writes the lack of coherent IT policy or the "IT loss" checks. IT policy and "risk of data loss" require cover. Stephen Gentlemen, with all due respect, none of the options are near appropriate.

Keep in mind that when a data breach is identified and the alarms have gone off, it is the financial and security executives who feel the most pain (when the digital dust settles). They are the ones who have to pick up the forensic mess of Who? What? Where? When? How do we determine the cost of loss?

This is where the CFO and Senior Security Officer of any SaaS operation are held accountable. And, the fall back question is beginning to point to the liability “elephant-in-the-room”. How much did this cost us?

Another issue: Should we have purchased data (breach) insurance?

SLA’s don’t cut it anymore.

Eventually the stakeholder’s and collective objectives you mention do have a say as to IT policy, but the cost of loss is always where the decision buck stops…where data liability and the end result meet. IT policy should include the Chief Financial (insurance) Officer, because he is who writes the lack of coherent IT policy or the “IT loss” checks.

IT policy and “risk of data loss” require cover.

Stephen

]]> Comment on Who Manages Information Security? by Ross Richards http://www.itpolicycompliance.com/blog/who-manages-information-security/#comment-7 Ross Richards Mon, 10 May 2010 07:41:28 +0000 http://itpcg.wordpress.com/?p=71#comment-7 I found your survey extremely interesting. However, there is one further piece of information I would find very valuable. When asking whether organisations had a CISO, did you give define your understanding of the role and madate of a CISO? The reason I ask is that the CISOs in different organisations have hugely different roles. (Ranging from what I would describe as "head of IT Operational Security" to something like "head of management of all risks related to information"). Ross I found your survey extremely interesting. However, there is one further piece of information I would find very valuable. When asking whether organisations had a CISO, did you give define your understanding of the role and madate of a CISO? The reason I ask is that the CISOs in different organisations have hugely different roles. (Ranging from what I would describe as “head of IT Operational Security” to something like “head of management of all risks related to information”).

Ross

]]> Comment on Who Manages Information Security? by Teshome Beyene http://www.itpolicycompliance.com/blog/who-manages-information-security/#comment-6 Teshome Beyene Thu, 22 Apr 2010 14:09:34 +0000 http://itpcg.wordpress.com/?p=71#comment-6 I just want to know some more about IT security. Please help. What are the principles and what are the alerts. I just want to know some more about IT security. Please help. What are the principles and what are the alerts.

]]>