-
Recent Comments
- Jens on The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 1)
- IT Security » Blog Archive » IT Sec Professionals–Will Automated Security Tools Affect Your Job Security? on So Why Do We Need Security Professionals, Anyway?
- Bouch on Who’s In Charge Here? The Problem of Information Security Governance
- SecurityExec on Who’s In Charge Here? The Problem of Information Security Governance
- dustin on Patent No. 7,124,197: ARP Poisoning Hack!
Tags
agility algorithms application security assessment awareness Awareness / Education awareness instruction awareness training bloginfosec Annoucements Books on InfoSec breach incidents Budgeting for Security business business continunity CIA triad CISO CISO savvy CISO skills COBIT Coding Securely / SDLC compliance Conferences / Events / Meetups contingency plans counterfeit counterfeit equipment data breaches data breach notification laws data classification digital signature disaster recovery education Encryption end-point security equipment Exploit Code / Malware facebook fake FBI featured FFIEC Forensics / Incidents FUD FUD Theater GLBA governance government Gramm-Leach-Bliley hackers hash HIPAA honeynet honeypot identity management identity theft IDM incident Industry Commentary Information security Interviews ISACA Jobs in Information Security Johnny Long KPMG law leadership Legal & Regulatory Issues malicious insider malware metrics nation states network News Commentary No Tech Hacking OWASP Patching PCI Penetration Testing perimeter Phishing Policies and Procedures Privacy Privacy Rights Clearinghouse Reverse Engineering risk Risk Analysis risk management ROI ROSI SB 1386 Security security awareness Security Breaches self-awareness Social Engineering soft skills Solutions / Workarounds SPAM spotlight successful behaviors Tools training Uncategorized Virtual Trust Viruses / Worms vulnerability assessment Vulnerability Commentary Vulnerability Disclosure Wireless Wireless Client Wireless Discussion Wireless Security Wireless Vulnerability Discussion
The Risk Rack written by Frank Cassano
Reviewing a SAS 70 report (and getting it right)
March 21, 2008 – 6:00 am
–
Welcome to the second “The Risk Rack” column. What I would like to talk to you today about are SAS 70 assessments. Not the actual performance of the assessment but, the proper way to review a SAS 70 assessment to ensure your service provider has the appropriate controls in place to protect…
The core truth of risk
March 11, 2008 – 6:00 am
–
Welcome to the inaugural “The Risk Rack” column. Being the first column I thought it would a good idea to use it to start simply and slowly. First I wanted to note that this column is intended for information technology risk management professionals, information technology auditors,…
Biography of Frank Cassano
March 4, 1999 – 3:50 pm
–
Frank Cassano is an information risk management consultant with over 20 years experience in the field. His experience includes both internal corporate experience as he has held a number of senior Information Technology management positions within organizations, as well as external experience as…
Loading ...



CIO: The Next Career Step After Being The CISO? Why Not?