Archive for the 'Risk management' Category
A holistic approach to security and compliance
On Oct 22, 2009 we host the risk assessment specialist from Sweden, Michel Godet, who will be talking about how to save big money by eliminating risk assessment silos. Michel will talk about his new approach – "All in 1".
All in 1 unifies key risk assessment methodologies under one roof, with building blocks for highly cost-effective 3rd Party Information Assurance.
Silos ignore Commonality and cost money – especially when you have to certify that your third party service providers are compliant to standards like PCI DSS:
- Most organizations tend to manage in a sliced fashion, focused on meeting the requirements of individual regulations as they emerge
- This approach carries significant risk of duplication of efforts and makes it extremely difficult for senior executives to invest in People, Technology and Processes
- Senior executives must look for areas of commonality, conflicts and potential synergy
Register now for this great online workshop with one of the top experts in the field.
Data security specialists in Central Europe

The Control Policy Group is a data security consultancy focusing on Central Europe with offices in Warsaw, Wrocław and Tel Aviv - an experienced, independent, multi-cultural and multi-disciplinary force of professional IT, data and software security specialists.
We help the management board reduce security and compliance costs, protect customer data and prevent intellectual property abuse.
We use advanced network surveillance and proven threat models to give you a precise picture of where your data is going and how much it costs you.
The Control Policy Group provides consulting, investigative audit, training and technology services to clients in bio-pharma, manufacturing, telecommunications and financial services industries.
In Central Europe – call +48-608-29-3030 and ask for a meeting with one of our senior partners to discuss how we can help you protect your data and reduce your security costs.
Learn more about our enterprise information protection program.
Learn more about our enterprise software security assessment program.
Fraud. Data Loss – the IT – Management Board divide.
The two biggest security issues today for a business, from both an operational and a regulatory perspective, are fraud and data loss. An insider, often colluding with an outsider, can cause large scale damage to the business by manipulating transactions.
Read this excellent post on Israeli Software
Operational Risk
The two top categories of operational risk are Internal and External Fraud, but what IS “operational risk” exactly?
The best definition of operational risk comes from Basel II, which defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.
Although originally designed for the banking system, where regulatory safeguards are designed to protect against large scale failure of the banking system and the economy, a systematic approach to operational risk management is important for any kind of organization.
Effective security and compliance without political suicide
Most organizations separate the two functions: security typically sits inside the IT department, while compliance usually reports to corporate finance or general management or, for large companies, sits in a Chief Compliance Office.
We believe that security and compliance operations in a company are synergistic. The question is – how can you do it without committing political suicide in your company?
Controlling risk
In a recent article published online at the JFK School of Government at Harvard, Malcolm Sparrow talked about how controlling risks is a central challenge for government regulators charged with the task of reducing societal ills and preventing bad things from happening. Professor Sparrow notes that there does not seem to be a well-established language for risk assessment.
We think it is interesting to analyze the causes for this situation.
Best practice controls for preventing data loss
This article reviews the main areas of concern for protecting information assets from internal threats and vulnerabilities. It starts with an anecdote from an interview with a senior manager and concludes with a recommendation for implementing an approach to protect data directly (as opposed to commonly-used methods that attempt to protect the network and limit user permissions).
Data loss prevention technologies
Abstract
Data loss prevention is a rapidly emerging network security technology area that has matured from simple regex-based Web / email content filtering products into products such as Fidelis Security Systems XPS that perform deep inspection of documents such as Microsoft Word and Adobe PDF with high levels of precision and recall.
Network security warfare – offensive security
Attack the attackers
I believe many people involved with IT security have a feeling of frustration that stems from continuously reacting to external forces: spam attacks, spyware attacks, insider threats, analyst reports and new product announcements. What should you do?
Consider the three basic tenets of IT Security