Technology, security, analytics and innovation in the world of audit and business.
Monday, September 29, 2008
PCI Compliance: Does It Equal Security?
The standards of the Payment Card Industry have been driving some new spending on security, and the question has come up as to whether that actually improves security. Generally, anything that encourages attention to security is a good thing. Of that there can be little doubt. PCI Compliance: Does It Equal Security?
Thursday, September 25, 2008
Apple's iPhone A Tight Fit For The Enterprise -- iPhone -- InformationWeek
With all the recent hype about the iPhone, inevitably there has been some analysis as to how it would fit into business systems. This article explains the limitations involved in making it a controlled part of the system. Apple's iPhone A Tight Fit For The Enterprise -- iPhone -- InformationWeek
Monday, September 22, 2008
CGEIT Certification
CGEIT Certification: "ISACA recognized this shift in emphasis in 1998, and formed the IT Governance Institute (ITGI) to focus on original research, publications, resources and symposia on IT governance and related topics. To support and promote this significant body of work, ISACA and the ITGI are proud to offer a certification program for professionals charged with satisfying the IT governance needs of an enterprise."
Friday, September 19, 2008
Thought Center - A Balanced Approach to Risk and Performance
A series of podcasts on the E&Y site provides some thoughtful analysis on risk and controls. Thought Center - A Balanced Approach to Risk and Performance
Wednesday, September 17, 2008
Forever 21 says nearly 99,000 cards compromised in data thefts
Another huge data breach has been announced, this time the work of hackers. Forever 21 says nearly 99,000 cards compromised in data thefts
Monday, September 15, 2008
Open phones are more vulnerable, security execs say
Already seriously challenged by mobile devices, security administrators now have to cope with increased security risks from mobile phones because of a movement towards open source operating systems on the devices. Open systems raise the possibility of hacker meddling in those phones and therefore can provide a gateway into some systems. Open phones are more vulnerable, security execs say
Friday, September 12, 2008
Radical Desktops Deliver Power To The People. But What About IT? -- Tomorrow's Desktop
Cloud computing, virtualization and the like are changing the way IT departments deliver capability to the users. It'll give them more flexibility and will have major implications for systems management and security. A new challenge for systems assurance. Radical Desktops Deliver Power To The People. But What About IT? -- Tomorrow's Desktop
Thursday, September 11, 2008
The ISSA Journal
The ISSA Journal for August 08 contains a lead article that explores how established silos impede the management of security risk in contemporary systems. It's a timely message, given the expansion of modern systems through varying platforms and numerous kinds of mobile devices. The ISSA Journal
Monday, September 8, 2008
The key to data security: Separation of duties
Separation of duties has been a key aspect of good controls for many years - in finance pretty well since controls began. In the world of IT, however, it has not been so well recognized, although auditors have been pushing it for years in their recommendation letters. This article looks at this issue, and supports the use of good separation of duties for IT security. The key to data security: Separation of duties
Friday, September 5, 2008
Security ROI: Fact or fiction?
ROI is often suggested as a measure of the worth of security measures, especially by some vendors. But it's a flawed concept and could result in bad security decisions because security is not an investment and should not be treated as such. This article expands on this view. Security ROI: Fact or fiction?
Thursday, September 4, 2008
Aberdeen Group: The 2008 Email Security Report
A new Aberdeen Group report focuses on the risks to information security posed by email. It is well known that the risks are considerable. The report explores the issues in some depth and then applies a PACE model to addressing those risks. Aberdeen Group: The 2008 Email Security Report