the State of Security

IT Compliance

Challenges in placing information security teams in the right organizational structure

by Shawna Turner-Rice

I often write blogs based on what crosses my inbox during a week; and recently I saw just enough articles on who security should report to that I thought I’d select it as the topic du jour.  (Much like Adam, I rarely seem to get to writing these early. This isn’t a new topic, I [...]

HyperLogging: Preventing the Security Blindspot

by Cindy Valladares

In the security world, there are a LOT of things to keep track of on a daily basis. There is no shortage of legitimate security threats, not to mention all the mundane operational activities that need to be managed:  OS/app patches, rogue access points, physical security, post-it notes with passwords (yes, I’m guilty here too)… [...]

How to Achieve Better Security

by Cindy Valladares

A few weeks ago I had the pleasure of interviewing Mike Dahn, Director of Risk and Compliance at PwC, and Josh Corman, Research Director of Enterprise Security at The 451 Group. The focus of our conversation was on what practical advice they could give to organizations that wanted to move beyond proving compliance validation to [...]

PCI DSS Compliance: More Carrot and Less Stick?

by Cindy Valladares

Or a less sexy title: does compliance with mandates such as Payment Card Industry Data Security Standard (PCI DSS) help reduce risks for organizations (the carrot) even though it’s costly and the consequences of non-compliance even costlier (the stick)?

Minding the Gap: Infosecurity Europe and BSidesLondon

by Cindy Valladares

This week I’ve been in London for two security shows: Infosecurity Europe and BSidesLondon. The two events are very different from each other, attracting not only different sponsors/vendors (in BSidesLondon there are sponsors; in Infosecurity there are vendors), but distinct audiences. For an organization like Tripwire, it’s good to be present at both types of [...]

Understanding the Cost of Compliance — Part IV

by Cindy Valladares

This is the fourth and final blog in my series of Understanding the Cost of Compliance, and I’ll discuss the per capita cost of compliance and non-compliance. The True Cost of Compliance report estimates the cost of compliance to be $3.5M and the cost of non-compliance to be $9.3M. In my conversations with practitioners, I’ve [...]
