The Verizon RISK team have just published their VERIS community application. Structured on the VERIS (Verizon Enterprise Risk and Incident Sharing) framework, this application is a tool they have made available to extend to anyone the ability to contribute information on data breach incidents, to enrich the already considerable body of breach data Verizon has [...]
In a recent post, I talked about the security value of IT management disciplines such as configuration and change control. I pointed to evidence we had gathered here at EMA that supports the security and IT risk management values of taking a strong approach to defining change management objectives, actually implementing them in practice, monitoring [...]
Intel-McAfee: First Stroke of Midnight for the IT Security Industry? Or Inflection Point for the Future?
Fortunately for me (I was going to say “unfortunately,” but in retrospect I think it was a Godsend), I was in South America with extremely limited connectivity when the Intel-McAfee story broke. This, however, gave me some time to a) enjoy the spectacular scenery of Rio de Janeiro, and b) formulate my thoughts about this eyebrow-raising deal [...]
What makes our coverage of security at EMA different? Simply this: We do not see security management as something confined to narrow segments of technology, isolated from other aspects of IT or from the people and processes that make up the business. At first blush, this may seem fairly obvious, considering that security is, after [...]