White Papers | IT GRC Forum

A Qualys Guide to Measuring Risk, Enforcing Policies, and FISMA compliance regulations.

Whether protecting five servers or 5,000, measuring the security status of your infrastructure and your organization's ability to rapidly mitigate emerging threats needs to be continuously monitored and measured. This paper details the essential aspects of putting into place a measurable and sustainable vulnerability management program.

This paper outlines the nature of infrastructure integrity, change auditing, and compliance solutions. It describes how an investment in configuration assessment and change auditing solutions can stabilize IT operations, lowering the operational costs associated with the IT infrastructure; be a force multiplier; and provide a solid foundation that increases the effectiveness of the investment in information security.

Find out about the requirements and issues addressed in corporate governance Bill 198, Canada's version of Sarbanes-Oxley, for internal controls for technology and how IT configuration auditing brings compliance.

Learn the basics about security benchmarks, and specifically how the security benchmarks developed by the Center for Internet Security (CIS) can help you with your compliance initiatives.

Mid-sized businesses have long struggled to protect their IT systems. Many firms are inadequately protected and mistakenly think that a disaster is rare and won’t happen to them anytime soon. This custom Yankee Group Report uses customer interviews, statistical data and Yankee Group SMB survey results to examine disaster recovery (DR) issues.

Read this white paper to discover the current and emerging trends of stealth malware and protect your organization from potentially devastating data breaches.

Compliance efforts and security concerns have driven businesses to make substantial investments in threat control. Too often, however, these efforts pay far too little heed to the risks posed by poorly controlled access to administrative privilege in IT, which can have a hugely disproportionate impact on the business.

This white paper explores insider attacks and insider risk, and shows how to control them by controlling and monitoring access. The paper describes the more common vulnerabilities exploited by insider attacks and a method for assessing insider risk.

This whitepaper discusses how creating a secure access control infrastructure in heterogeneous Unix/Linux environments supports the Payment Card Industry Data Security Standard (PCI DSS). Symark PowerBroker controls access to systems and cardholder data, and creates comprehensive logs and audit trails. Various tables show PowerBroker’s functionality mapped to the PCI DSS requirements.

In order to meet the demands of a constantly changing environment, businesses need to proactively manage their existing business processes. Business Process Management (BPM) helps businesses define and implement their goals, and measure and manage company financial results against these goals. Learn the features and benefits of the IBM® BPM Suite in this mini-course.

Ball State University was having unusually high IT failure rates during online student registration. Using BPM powered by the Smart SOA™ approach, they streamlined and automated the process and maximized their ROI. Their solution can be applied to your organization. Attend this on-demand web seminar to find out how, and receive a complimentary IBM® white paper on end-to-end BPM.

Encryption will help to protect data against unauthorized access by outsiders from lost or stolen devices such as laptops, thumb drives, and other removable media. But it does not protect against the insider threat-employees and contractors with authorized access to data who mistakenly or maliciously leak your most valuable assets.