IT Industry Trends
Showing posts tagged with Risk Management
Guido Sanchidrian | 04 Jul 2012 | 0 comments

The role of the board of directors in Enterprise Risk Management (ERM) is changing significantly and becoming increasingly challenging due to major trends like cloud migration or big data, as well as initiatives in mobile computing such as Bring Your Own Device (BYOD).

The board of directors and senior management have to periodically rethink their ERM approaches, concepts, techniques and tools to meet new business objectives and to achieve process enhancements.

Adopting a structured approach to ERM by using industry best practices such as COBIT, COSO, ISO 31000, ITSM/ITIL, etc. provides a vital instrument to develop a common language that builds a "community of purpose" between operations and strategic business, and facilitates the discussion across the organisation.

Cloud computing in particular impacts the full bandwidth of financial risks, infrastructure risks, market risks as well as reputational risks. In the latest paper published by the...

Guido Sanchidrian | 18 Feb 2012 | 0 comments

In the past few weeks I was quite often involved in discussions about cloud security frameworks, proper attestation of security controls, and what criteria should apply for selecting a cloud service provider.

The lack of a widely agreed cloud risk or cloud security standard (and an acknowledged certification process for it) makes it difficult for organisations to evaluate and select cloud service providers from a risk perspective in addition to the business and cost benefit angle that the cloud service would provide.

Therefore many organisations fall back to already established in-house expertise in vendor selection, which is likely not fully adoptable for the selection of cloud service providers, or just mirror what other organisations do, even if those organisations likely have a different risk and maturity profile.

Hence the title of this blog article - One Size Fits None. That is usually my first answer to a lot of questions I have been asked around this topic...

Guido Sanchidrian | 03 Feb 2012 | 0 comments

Recently I commented on a blog entry at "In Defense of Data" - a blog written by a variety of data security thought leaders and architects. The article is titled "Security and the Price of Coffee", and raised a very good point: Symbolically, a simple cup of coffee could be a mechanism for breaking the ice and building a relationship between IT Operations and the leaders of business units within organisations. Like the author of the article, I completely agree that many IT organisations act in silos. I share the same experience as the author; many times when I walk in early to a customer meeting, I find the IT Security group introducing themselves to the leaders of other departments within their own organisations for the first time... Do I have to say more...

Guido Sanchidrian | 23 Sep 2011

Darren Thomson is Symantec’s Chief Technology Officer (CTO) for the EMEA region. He holds the most senior technical position in the region and works within Symantec EMEA Technical Sales Organization (TSO).

As I meet Symantec customers and partners to talk about some of the impacts that virtualization, mobile and cloud computing are having on their businesses, I hear time and time again about the importance of information and about the fact that the governance and security policy that surrounds information will be key to ensuring successful transitions to new computing and service delivery models. In almost every case, though, the organisation that I am speaking to is (fundamentally) struggling with the same problem: “Where on earth do I start with all of this?” I hear a lot of potential answers to this question ("data...