Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: governance

Classy Data (pt. 3) – Ownership and Risk

Security professionals proudly describe how they assign owners to their organizations’ data and those owners “assume the risk of any compromise of the data.” Give me a break! The owner is invariably some business-unit manager who just wants to get the job done. The manager will agree to…

We Are Secure and Compliant – You Can Go Now! A Story of a Disturbing Trend

In the past 2 months several members of my CSO Breakfast Club have been let go from their positions as senior-level information security bosses. One was let go from a top 20 law firm, another from an international Fortune 1000 company, and the other from a spinoff of a large, international…

Distributed Security for Fun and Profit…

Global organizations often have challenges creating a comprehensive security program. Too much central control and the regions either feel ignored, so chafe at security cost allocations and pay only nominal attention to the program, causing great risk to the overall organization. Or they fill…

GRC (Part 2): Risky Business

Let’s resume where we left off in part 1. I had created a table, repeated here, which shows the interrelationships among governance, risk and compliance.

| | Governance | Risk | Compliance |
|---|---|---|---|
| The Governance of … | 1 | 2 | 3 |
| Risks Related to … | 4 | 5 | 6 |
| Compliance of … | 7 | 8 | 9 |

…

Governance, Risk Management, Compliance (pt. 1): Form over Content?

Just a couple of months ago I had a discussion with a colleague, Jim Reavis, on the validity of the recent interest in GRC (Governance, Risk management, Compliance), whereby vendors are peddling systems and services to integrate all three areas. I had said to Jim that I thought GRC was the…