Articles by Marleah Blades

How Business and Risk Drivers Impact Mitigation Strategy

By Marleah Blades, Bob Hayes, and Kathleen Kotwica Ph.D.
No Comments
As business changes, so does – or so should – security. The direction of business can have significant consequences for security, both internally – in terms of influence, funding and organizational structure – and externally – in new threats, new risk, new mitigation requirements. Are you watching business trends and thinking about how they should impact security and your strategies to mitigate risk?
Read More

Communicating Accurate Expectations with Management

By Marleah Blades
No Comments
Problem identified and communicated, plan created, funds provided, problem resolved. This is the lifecycle senior business leaders often expect – and prefer – organizational challenges to have. It’s the way decisions are made and issues addressed for many functions of the business.
Read More

How Test Sites Can Decrease Incidents and Increase Buy-In

By Marleah Blades
No Comments

One of the many difficult tasks in security leadership is showing senior management and other business leaders exactly how, where, and how much security investments positively impact the bottom line (assuming, that is, that security’s impact is positive).


Read More

When the Unpredictable Occurs

By Marleah Blades
No Comments
It is five years since the publication of Nassim Nicholas Taleb’s book The Black Swan. In the book, Taleb introduces the concept of Black Swan events, which he characterizes as events that are 1) rare; 2) extremely impactful and 3) often endowed by people – after the fact – with elements of predictability. Taleb argued that uncertainty cannot be tamed, in his words, and that it is foolish to attempt to tame it.
Read More

Do You Understand Risk Appetite?

By Marleah Blades
No Comments
Risk appetite isn’t a term that comes up a lot in the security trade media. This is interesting, because understanding risk appetite is a crucial factor in developing acceptable security programs, communicating value, and aligning the function with the goals of the business — all of which are talked about in security circles all the time. So what is risk appetite?
Read More

Securing Cities: Can We Do It Better?

What U.S. city governments can learn from Canada
By Marleah Blades
No Comments
Municipal governments present a challenging atmosphere for security. There’s the potential for leadership turnover at each election, and there are “politics,” which may manifest in strained relationships and difficulty accomplishing goals. Procurement rules and bureaucratic red tape can slow down even simple processes in some city governments, and then there are the challenges of zero-balance budgets.
Read More

Delivering Meaningful Metrics

By Marleah Blades
No Comments
If security continues to mature as a business function, senior management will likely ask for a set of metrics to measure performance. Security leaders should prepare meaningful metrics that inform management and improve security effectiveness.
Read More

Finding Time

By Marleah Blades
No Comments
Security leaders don’t have time. The best ones find time, or make time, for critical or strategic tasks that have a long-range payoff, but they often struggle to fit more into a workday that already stretches from dawn to dark.
Read More

The Titanic: Risk Management vs. Compliance

By Marleah Blades
No Comments
Next month will mark the 100th anniversary of the sinking of the Titanic, and plans abound to memorialize or capitalize on the tragedy, including the re-release of the 1997 movie Titanic in 3D, the production of a commemorative coin, and – believe it or not – a series of Titanic memorial cruises. Some members of the security community recently chose to remember the event in a more constructive way.
Read More

Risk at High Velocity

By Marleah Blades
No Comments
In last month’s column, we argued that the next generation of security leaders will be challenged more than previous leaders to run their function as a business; they will be expected to align with the organization and build value through security. As they work toward these goals, they will also be faced with new risks, some of which have the potential to escalate at a stunning pace.
Read More

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

August 2014

2014 August

In the August issue of Security Magazine, read about the public-private partnerships and the future of DHS with Frank Taylor, sneak a peek at the ASIS 2014 security products, and read a special report on cyber risk and security. Also in this issue find out why America is in desperate need of a CSO and the most common mistakes in Cyber incident response. The security game has dramatically changed since September 11th, read about what enterprises are doing to keep Americans safe and sound.

Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+