In my previous blogs (Vulnerability Risk Management: Lets not boil the Ocean and ulnerability Risk Management - It is a Big Deal) in this series, I focused on how important Vulnerability Risk Management is for organizations and the need to take it be...
In every organization, there is a universe of Devices and a universe of Vulnerabilities. Security Teams use Vulnerability Scanners to identify where systems are vulnerable. These scanners produce pages and pages of reports that are given to IT itemiz...
I suspect this headline might get an outburst of excitement, a few high fives, maybe even a virtual ‘Wave’ across cyberspace. Yes indeed, inline editing is now available with our latest release of the Platform 5.4 SP1. And do we have a deal for you! ...
My team and I have been having many discussions lately on the evolution of GRC programs and the value of integrating or supplementing tangential processes with data flowing in and out of risk management activities. Much of this discussion is fueled b...
Cliff Stoll’s The Cuckoo’s Egg was one of the major influences in my early career. The tale of a lone astronomer doggedly pursuing an accounting error on the mainframe to discover a nefarious hacker with international spook connections combined eleme...
Those of you that have followed Archer’s multi-lingual march around the globe already know about Archer’s core libraries we’ve previously translated into French, German, Spanish, and Japanese. I’m pleased to announce the addition of Italian, Portugue...
When I was in school, one of the biggest topics of conversation around test time was the “Curve”. For some students, it was a blessing raising their probability of passing. For others, the Curve meant that their final grade may or may not be affected...
All great shows must come to an end. The curtain is nearly closed and the last echoes of my final song are waning as I finish up my series on the “Groove Theory of GRC”. I hope you have enjoyed this running analogy and it has given you a few ideas on...
I have spent that last few weeks wandering through my “Groove Theory of GRC” and am reaching my last postulate. GRC is a groove that underpins the business to optimize decisions and provides the “safety” net that allows the business to grow, mature a...
In my last blog post, I talked about the importance of building collaboration across the organization to bring the greatest value to your GRC program. For this blog, I am borrowing a piece of wisdom from an old sage of rock and roll. I heard an inter...
The initial inspiration of my “Groove Theory of GRC” was Rocco Prestia, the bass player for the funk band Tower of Power. His definition, or lack thereof, of the term groove started my thought process on how very important things can exist without ex...
Many moons ago, in a galaxy far far away, a theory emerged that would challenge the very existence of the universe. Okay, I may be a little dramatic here. It was actually in 2009, in Overland Park, KS and involved a two part blog series I wrote for S...
Welcome to my second in a series of blogs based on what I term “The Groove Theory of GRC”. As you may or may not know (or infer from this series), I have been a musician for much of my life. Starting in grade school playing in the school band, I have...
Did you know that Business Continuity Awareness Week 2013 takes place March 18–22, 2013? The theme this year is ‘Business Continuity for the risks you can see and the ones you can’t.’ The theme announcement was made by the Business Continuity Institu...
To continue with my series on the Next Generation of Security Operations, I want to look at how well security operations are positioned for the be-all, end-all of security – the actual Security Breach. Security incidents have a life of their own. How...
What a week it's been! We met with Gartner analysts Roberta Witty and John Morency to present the updates to our RSA Archer Business Continuity Management & Operations (BCM&O) solution for their 2013 BCM Magic Quadrant study, announced the new soluti...
Over the past few weeks, I have been watching some interesting articles trickle across my screen as I peruse industry news. Dark Reading has been posting recaps of significant security attacks and breaches from 2012 as they review the year. Each one ...
A few months ago, I wrote a short blog series using the “space between the 1s and 0s” as a metaphor to discuss dimensions of data that are beyond just the digits sitting on the disk drive. These dimensions included how the data was created, who creat...
