Brightfly, Inc.

Interview with Niall Browne

bsdunlap — Sat, 07 Nov 2009 15:11:17 +0000

JJ Thompson and I were fortuntate enough to interview Niall Browne, CISO at LiveOps and Chair of the Development Committee for BITS while we were at the Cornerstones of Trust conference in the Bay Area.

Executive Roundtable & Secure Houston 2009

bsdunlap — Fri, 06 Nov 2009 16:12:44 +0000

A whirlwind tour out west and back awaits me next week. To start off, I’ll be headed to Seattle, WA next week where I’ve been invited to interview Liz Rogers, Director of Information Security for Symantec on how they manage security and compliance internally. Being the 4th largest software company in the world and publicly traded certainly presents it’s own unique challenges and I hope to hear from Liz how she meets and overcomes those challenges. The event is being held at Daniel’s Broiler in Bellevue on Tuesday Nov. 10th from 11:30am-1:30pm. Seating is limited, so if you are interested, please click here to register now.

From there, I hop a red eye back to Houston where I meet up with JJ Thompson, Partner at Rook Consulting and head over to SecureHouston2009 on the 12th, to bring you “Compliance As Competitive Advantage: Value-Added Security”, what I hope is an entertaining and thought provoking session on creating and sustaining competitive advantage by leveraging the regulatory landscape your organization is operating within.

After the day’s session, JJ and I will head down Westheimer to Smith & Wollensky’s for follow-up discussions over cocktails and dinner graciously provided by Agiliance. If you are interested in joining us, just drop me a line or grab me at the event that day and I’ll be sure to save you a seat.

I look forward to connecting or reconnecting with you in either city so feel free to reach out. As always, be it coffee or beer, the first round is on me.

Harmonizing Controls to Reduce Your Cost of Compliance

bsdunlap — Wed, 28 Oct 2009 19:21:16 +0000

This webinar, moderated by Brightfly Managing Director of Research, Brandon Dunlap, examines the Unified Compliance Framework and how it can be leveraged to harmonize controls across multiple regulations such as PCI, SOX, HIPAA, NERC and more. The presentations and conversations discuss how to eliminate overlapping control requirements and ensure a more efficient and less costly approach to compliance.

Reducing Your Audit Tax Part 4

newsdesk — Tue, 27 Oct 2009 02:02:52 +0000

Brightfly’s Managing Director of Research, Brandon Dunlap and Jeff Hughes, Director of Solution Marketing at Lumension, continue their discussion on the role of compliance activities in creating and sustaining competitive advantage with C. Edward Brice, Lumension’s SVP of Worldwide Marketing.

Reducing Your Audit Tax Part 3

newsdesk — Tue, 27 Oct 2009 01:55:28 +0000

Lumension’s SVP of Worldwide Marketing, C. Edward Brice continues his discussion with Brightfly’s Managing Director of Research, Brandon Dunlap and Jeff Hughes, Director of Solution Marketing at Lumension around how companies can leverage compliance into a competitive advantage.

Reducing Your Audit Tax Part 2

newsdesk — Tue, 27 Oct 2009 01:51:43 +0000

Lumension’s SVP of Worldwide Marketing, C. Edward Brice continues his interview with Jeff Hughes and Brandon Dunlap in part 2 of a 4 part series on Reducing Your Audit Tax while creating and sustaining competitive advantage through sound complaince practices.

Reducing Your Audit Tax Part 1

newsdesk — Tue, 27 Oct 2009 01:39:55 +0000

Lumension’s SVP of Worldwide Marketing, C. Edward Brice interviews Jeff Hughes and Brandon Dunlap in part 1 of a 4 part series on Reducing Your Audit Tax.

Brightfly’s New Site Has Arrived

newsdesk — Fri, 23 Oct 2009 14:33:04 +0000

Thank you all for your continued patience as we have worked to bring you a new, fresh and more user friendly web presence. We welcome your feedback on this new site design and look forward to continuing the great conversations that make this site such a valuable resource for all of us.

ISC2 SecureHouston2009

newsdesk — Fri, 23 Oct 2009 14:26:51 +0000

Join us at ISC2’s Secure Leadership Series on November 12th in Houston, TX for:

“Compliance As Competitive Advantage: Value-Added Security”

Click here for event details and registration information.

This event is free to ISC2 members and is fantastic opportunity for you to connect with your peers from around the greater Houston area.

PCI DSS Becoming the Standard of Due Care

bsdunlap — Tue, 07 Jul 2009 11:46:14 +0000

Nevada just passed new legislation that in effect, mandates the provisions of PCI DSS for businesses and other entities that handle non-public personal information. You can read it yourself here, or see additional details and commentary can be found at BankInfoSecurity.com.

Since my trip to London earlier this year, I have actively pondered what the future brings for the standard of due care. Specifically, what frameworks and practices will emerge as being the minimum standard to which we are judged in our efforts to protect data. In my post on US vs. UK perspectives for choosing a controls framework I mentioned how the people I talked to in the UK were focused on becoming ISO compliant with regards to their security programs and that they felt this was a competitive differentiator for their businesses. They also stressed the outside validation provided by BSI on a recurring basis as an independent audit and how it helped establish confidence in their ability to protect sensitive customer information.

With the absolutlely phenomenal reach of PCI DSS, and the move by Nevada to legislate its adoption, I think we are entering into an era where this standard becomes the minimum. After all, with it being so widely enforced it soon becomes what a reasonable person in similar circumstances must do.
The real trick for practitioners then becomes not the controls being applied, but the effectiveness and efficiency that the organization can expect on a per dollar basis. In summary, it isn’t what you are controlling, or even how, it is how well that matters.