#86 – WHAT SHOULD COMPANIES CONSIDER ABOUT POTENTIAL CYBERSECURITY RISKS? – BECKY PARTIDA

APQC recently spoke with Ed Perkins, the developer of the Certified Enterprise Risk Manager® – Cyber Security™ certificate, about the current state of cybersecurity and the introduction of the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework. This post presents the first half of the interview, in which Perkins describes the cybersecurity landscape and introduces the NIST framework.

#71 – ISO 27001: INTRODUCTION AND THE ROAD TO CERTIFICATION – VINCENT PALERMO

Publicly announced breaches of secured information are so common today that they almost seem routine. Last year, in the United States alone, financial companies like JPMorgan Chase and retailers such as Target and Home Depot were victimized by information system hackers that allegedly gained access to the confidential data of millions of businesses and consumers.

#69 – CYBER SECURITY VULNERABILITIES – MARK BERNARD

I wrote the following article to help clarify CyberSecurity Threats and vulnerabilities, so that we can facilitate better risk assessment. This assessment of software vulnerabilities was based on data pulled from the Common Vulnerability and Exposure database. For added context below I included statistics from Q1 RedSocks Report on Malware. It’s apparent that the CVE only registers a small percentage of the overall vulnerabilities. This report supports the need for ongoing vulnerability management; however, there is an equally important emphasis on regular security testing and integration with product development and change management.

#64 – ARE THE FEDS MANDATING ERM? YES. – GREG HUTCHINS

The Office of Management and Budget (OMB) is requiring US agencies and departments to manage risks at the enterprise level.

Why?

Ebola? Wars? Shootings? Civil unrest? Global warming? Droughts? You name it. The unexpected is happening – all too often. The unexpected has become the expected. Not only in the US – but the world over in government and the private sector.

#56 – WHAT IS A FRIEND? – CAROLYN TURBYFILL

In my personal experience, people have very different definitions for “friend” and “acquaintance”.

Having lived and worked in countries with military dictatorships, dangerous social, religious and political unrest, I have what I called a “Third World” definition of a friend. My definition of a friend is someone you can trust with your life and the lives of your friends and family.

This kind of friendship includes not doing things that can cause other people to be threatened or harmed to get to you, or who you may harm by revealing or even insinuating a confidence. I have lived in places where people write out a “Statement of Conscience” – which represents what they believe and stand for that can be used to counter anything they may be coerced into saying through threats or torture.