ANX Corporate Blog


Posted February 21, 2011 1:31 pm by Curtis Blount

Former U.S. President Clinton at RSA

At the close of RSA, Former U.S. President Bill Clinton closed the conference with his talk entitled “Embracing Our Common Humanity”. Unfortunately the speech wasn’t so much about Embracing Humanity (which we seem to have lost) and more about our responsibility as Security Professionals to be the Internet Police of the world ensuring that the Internet remain free. As we have all seen with the recent events in Egypt and now other parts of the Middle East, information must be allowed to flow freely. That freedom, however, does come with responsibility as President Clinton repeatedly stated “we must get back to reading and understanding the facts and not fall into Ideology”.

Overall the speech focused on the importance of making sure there is good political policy to back up new...


Posted February 21, 2011 11:00 am by Curtis Blount

RSA in a Nutshell

RSA 2011. Another rainy cold week in San Francisco. Being from the East Coast, I typically do not come west of the Mississippi for a Security Conference. With the CISO Summit in Orlando and INTEROP in New York, it’s basically same show, just a longer plane ride.

Being a 30-year veteran of the Information Security industry you become rather slighted to the “been there done that” mentality. So in attending RSA I had no preset expectations on the event in general. As I’ve transitioned more into a Strategy role within Information Security I am more interested in “What’s Innovative”.

The RSA Conference

If you are a veteran of the industry like me the vast majority of the topics and discussions were nothing new. The panel discussions, specifically around Cyber Security and...


Posted February 14, 2011 7:13 pm by Kim Francisco

Hello from RSA

Hello from RSA! 

As we traveled into a rainy San Francisco, we couldn't help but laugh at all of the 'RSA will be mostly cloudy' jokes.  Truly, rain included, we are thrilled to hear all of the excitement around the cloud this year! 

ANX has a large group running around this year’s show. Look out! ANX faces include: Matt Peterson, Curtis Blount, Glenn Moore, Kim Francisco, Paul Arceneaux, and our CEO Rich Stanbaugh. If you see any of us, please say hi. One of our goals at RSA this year is to meet great people face-to-face.

We also encourage you to follow us on Twitter @ANX.  We will be live-tweeting throughout the show. 

Hopefully we get a chance to see all the great tracks that are being offered at the show.  I am looking forward to the GRC track and the cloud security...


What does 2011 hold in store for your GRC program? My post on Tuesday, December 7th, defined my first prediction - Greater Focus on Risk Management Capabilities.

Read below for my second prediction for 2011 GRC programs.

Prediction #2 | Redeployment of Internal Resources

According to recent studies, risk and compliance functions spend the majority of their time on tactical administrative tasks. Indeed, studies show that as much as 62% of effort is spent on data collection versus 36% on analytics/risk mitigation, and 2% on other tasks. 

I’ve found that when tactical activities dominate a program, there are 3 main issues that arise – audit fatigue, low value outcomes, and low level of executive participation.

Audit fatigue: Let’s face it – facilitating an assessment...


Posted December 02, 2010 10:40 pm by Chris Noell

How easy is it to become PCI DSS Compliant?

As part of my daily ritual, I search security news for interesting articles to see how other organizations are approaching compliance and risk management.  I stumbled upon this article from – How Woolworths made IT risk a business issue – and there was a quote that stuck out:

"It's easy to become [PCI DSS] compliant, but it's really hard to maintain compliance," [Peter Cooper, Woolworths’ risk manager] noted. "You see regularly companies that have PCI breaches; it's the sustainability that's really important."

I think this is partially true. I disagree that becoming PCI compliant is easy. Becoming PCI DSS compliant is only easy if you designed your payments infrastructure to be PCI compliant from the beginning. When this is not the case, becoming PCI...
