Saturday, March 12, 2011
Computerworld reports that the White House is proposing a big increase in cybersecurity research and development in next year's budget to improve, in part, its ability to reduce the risk of insider threats and ensure the safety of control systems such as those used at power plants.
The report adds that Philip Coyle, associate director for national security, said at the budget briefing on Monday that the administration is proposing "considerable growth" in cybersecurity research. When all the cybersecurity spending plans across the board are added together, cybersecurity research and development spending will increase 35% to $548 million next year, he said.
This is good news overall for the security industry, and for the information security job market in particular.
OWASP has started a new educational project called the Appsec Tutorial Series.
The OWASP Appsec Tutorial Series breaks down security concepts in an easily accessible, friendly way. Each video will be 5-10 minutes long and will highlight a different security concept, tool or methodology.
So far, they have posted two videos; you can check them out here.
Sunday, March 6, 2011
One of the complaints that we hear from information risk practitioners is that management does not show enough support and concern for the program.
There is no doubt that good management commitment makes the program successful, and that management's efforts help make information security and risk management part of the culture within the organization. But, at the same time, as information risk professionals, it is absolutely essential that we understand the business. In order to build a program that suits the business requirement, one should understand the business processes, business objectives, key stakeholders, key customers, other business interests, legal and regulatory requirements, etc.
So, do we have any evidence of enough management concern towards information risk?
In a recent interview, Ram Charan, the acclaimed advisor to many CEOs the world over, was asked:
What are the challenges and problems CEOs are coming to you with post the financial crisis?
This varies from business to business, economy to economy. I will give you what is generally on the minds of the leaders. One is enterprise risk, that’s because uncertainty has increased. There is more regulation and more volatility in the financial system. So they all have to think about risk and how to mitigate it. Two, corporate governance and succession have become important items.
This is definitely good news, as information risk plays an important role in both corporate governance and enterprise risk.