Sep 29 08

Financial Crisis: Lessons in Risk Management

What can today’s financial crisis tell us about risk management best practices? Sumner Blount highlights some of the obvious failings of existing risk management models exposed by this recent turn of events.

Sep 26 08

Where Security and GRC Intersect – Article in Business Management magazine

Earlier this year, I wrote an article that was published in Business Management magazine on “The Changing Face of Compliance.”

The article highlights some of the recent trends in compliance, and their impact on both security controls and overall …

Sep 24 08

Lessons Learned from “Personal” Risk Management

Many of you reading this have purchased large ticket items like a home, condo, car, etc.  These purchases are somewhat calculated expenditures and typically a large investment of your disposable income.  If you are like me, these decisions are made …

Sep 23 08

The Challenge of Information Silos

Many of the large companies that we at CA talk to about their risk and compliance activities have different approaches, with somewhat different challenges that they need to meet.  Still, the one common element that virtually all of them have …

Sep 22 08

Does Compliance Equal Security?

In case you are one of the few CIOs or IT managers out there still asking this question, Network World offers up its answer in its “Does compliance equal security?” post in mid-August.

While it may be common understanding …

Sep 19 08

Weighing the Costs/Benefits of Regulatory Certification

Particularly for information security professionals, regulatory compliance continues to be an important concern.  At the recent ISACA Information Security Management Conference in Las Vegas, there were several sessions on the topic — I personally presented two on ISO …

Sep 18 08

The Importance of Fostering Your “Compliance Culture”

Late last week, headlines in US newspapers included a story about a notable ethics scandal in the Denver office of the Mineral Management Service (MMS) division of the US Department of the Interior.

While stories about ethical lapses in …

Sep 16 08

More from ISACA’s Info Security Management Conf: What is “Enterprise Risk Management” and how will it impact the CSO of the future?

At this month’s ISACA Information Security Management Conference, I sat in on the “Convergence of Security and Enterprise Risk Management” panel dedicated to this topic. Panelists were Ron Hale, ISACA Director of Information Security Practices, Jeff Spivey, past …

Sep 15 08

Risky Business: Making effective risk management a priority

For many organizations, risk management may appear to be very risky business, indeed. CA expert Chris Boswell outlines a few common scenarios he's encountered that may explain why.

Sep 12 08

Thoughts on Day 1 of the ISACA Information Security Management Conference

I’m on my way back to France from the ISACA Information Security Management Conference held in Las Vegas this week, which was attended by approximately 350 delegates. Interestingly, the keynote by Michael Barrett, CISO of PayPal, was followed by a panel …

Sep 10 08

OCEG Hosts IT for GRC Roundtable

Find yourself asking "How do we determine the right mix of Information Technology solutions for our GRC needs?"

Sep 9 08

When Too Much Green Isn’t Good: NERC Compliance is much more than just IT

The United States is fortunate to have pretty reliable power, for the consumer and for commercial enterprise. I am certainly thankful that on the 98 degree days that we get during the DC summer, my air conditioning continues to work. As someone who has earned a living from IT for the last 15 years, I’m glad for the reliable power that allows data centers to operate and businesses to run uninterrupted. I’ve lived places where electricity was neither as plentiful nor as predictable, and UPS batteries and the contents of a refrigerator both have a finite life-span when the power stops flowing.

Sep 9 08

New CA GRC Manager NERC Program Accelerator for Power & Utilities Industry

Together With Sirius Solutions, CA Helps Companies Address Multiple Reliability Standards with a Sustainable NERC Compliance Program

Sep 2 08

KMWorld Names CA GRC Manager a “Trend-Setting Product of 2008”

CA GRC Manager made KMWorld magazine's list of the Trend-Setting Products of 2008.

Sep 2 08

CA’s Yves Le Roux Speaking @ ISACA Information Security Management Conf

Attending the ISACA event in Las Vegas at Caesar’s Palace Sep 8-10?

Make sure to check out the session on “Aligning COBIT 4.1, ITIL V.3 and ISO/IEC 27002 for Business Benefit,” which will be presented by Yves Le Roux, one …
