Successfully Managing Security Risk A holistic process protects data and meets business goals by Rick Greenwood, Chief Technology Officer, Shavlik Technologies, LLC Information security has many mandates, including ensuring the availability and integrity of company data and complying with both regulatory and legislative requirements. According to the 2005 Ernst & Young Global Information Security Survey, regulatory compliance and malware prevention are the primary drivers for information security.

Editorial Corner

Holistic Security Risk Management Holistic and security in one sentence? That sounds like yoga and football mixed together. We see yoga and football as two completely different activities. That's how many view information security and risk management. This month's feature explains what it means to take a holistic approach to information security and risk management. Having a security policy in place is vital to an organization's security well-being. But how do you create one and put it in place? All policies didn't magically appear. Readers offer step-by-step advice on how to get going with ways to create and enforce a new policy. Reading other people's experiences — both good and bad — can help us better understand certain situations. Knowing what went right or wrong can give us ideas on how to do better next time. This month's reader question asks about security blips and how these were resolved. Anyone who submits advice or asks for advice will get a free Shavlik t-shirt! Thank you for your feedback, questions, complaints and suggestions. Many of you have asked about topics we've covered in earlier issues that may have been missed. You can check out the archives here. We appreciate you sharing what's on your mind through reader survey comments. As always, for filling out a survey, you're entered into a drawing, and the current prize is a 256MB MP3 player. We archive every issue of The Remediator. If you can't wait 'til the next issue to get feedback, maybe the forums can help you. To show our appreciation for filling out the form or asking for advice, we enter your name into a drawing for a 256MB MP3 player. Best, Meryl K. Evans Editor, The Remediator Security Digest To unsubscribe instantly or change your preferences, see links at the bottom

Simplify Operational Security with Shavlik NetChk™ Compliance Shavlik NetChk Compliance is a powerful solution to scan for, compare and enforce over 230 security settings on your systems.

Coming Soon! Shavlik NetChk Protect 5.8 The simplest way to secure complex enterprise networks! Shavlik NetChk Protect 5.8 Features: Flexible Architecture to Meet Your Needs Integrates Seamlessly in Your Environment Comprehensive Active Vulnerability Management for more information.

Last Issue's Security Dilemma: What’s your policy for managing the policy? My organization agrees it needs a security policy to enforce. I want to know how to enact a comprehensive security policy that is easily and cheaply maintainable and enforceable. What advice can people give me about developing and managing a comprehensive security policy? — Eric, IT Manager Read the best advice from readers of The Remediator Digest   This Issue's Security Dilemma: School of IT security hard knocks When we hear about security breakdowns on the news, usually a large company or many users are affected. While we can learn lessons from these situations, they’re not the norm. The small security snafus that happen more often aren't newsworthy but make great learning case studies. What IT security problems have companies run into and how did they work through them? Note from the editor: We do not expect you to share your company's name. Remember, we only publish names when you give us permission. — Jeffery, Systems Engineer Can You Help? Share your experience. You could win a 256 MB MP3 Player. Congratulations to this month's winner of a 256 MB MP3 Player: Ronnie Russo, systems administrator, Regions Financial

Know how to get what you need:

Take charge of your career:

For a well-deserved breather: