Gideon Rasmussen
From Wikiquote
Gideon Rasmussen, CISSP, CRISC, CISA, CISM, CIPP, is an Information Security and Operational Risk Manager. He has written over 25 articles and was awarded the Microsoft Most Valuable Professional award in 2007.
Sourced
- A risk model brings to light calculations, thresholds, assumptions, exceptions, etc. Risk model gaps result in wasted resources, control weaknesses and security findings.
  - Information Security Risk Model: Switch Lenses, Enterprise CIO Forum, April 2012
- Threats, vulnerabilities and business practices evolve over time. Focus personnel and budget where there is the greatest return on risk mitigation.
  - 10 Golden Rules of Information Security, (IN)SECURE Magazine, June, 2011
- Have a focus on the data itself; where it is stored, processed and transmitted. Information protection controls are necessary to protect data the company depends upon for revenue.
  - Cyber Security Risk: The Threat Landscape is Changing, RiskCenter, June, 2011
- When charged with protecting something extremely valuable like the secret recipe for Coke or pipeline drug formulas, conduct multiple risk assessments and implement controls as necessary. … Defense-in-depth controls are the best way to defend against an Advanced Persistent Threat.
  - Cyber Security Risk: The Threat Landscape is Changing, RiskCenter, June, 2011
- Management should be aware of inherent risk to make informed decisions before feasibility and cost decisions are made without their knowledge.
  - Payment Card Security: Risk and Control Assessments, (IN)SECURE Magazine, September, 2010
- Operational Risk Management fills the gap between information security and business administration. Have at least one person dedicated to Operational Risk.
  - Gulf Oil Spill, an Operational Risk Disaster, RiskCenter, June, 2010.
- Risk can be mitigated, accepted or transitioned. If left with a black swan in your midst, develop appropriate countermeasures and transition a portion of the risk by way of insurance. Insurance companies apply the same technique through policies with reinsurance companies.
  - Gulf Oil Spill, an Operational Risk Disaster, RiskCenter, June, 2010.
- Reporting is the pursuit of simple truth. Like many technical challenges, the underlying complexity can be daunting.
  - Enterprise Risk and Compliance Reporting, (IN)SECURE Magazine, June, 2009.
- Business acumen is quickly becoming the eleventh domain of information security. To adapt, security professionals must align with business management and develop depth and breadth within business.
  - Security Acumen: Business First, Microsoft Technet, May 9, 2007.
- Risk is the Rosetta Stone between security professionals and business management. Business people think and speak in terms of it.
  - Security Acumen: Business First, Microsoft Technet, May 9, 2007.
- The potential for a cyber pearl harbor exists. Security professionals and the U.S. government have predicted it. The question is, will businesses take the threat of cyber warfare seriously and make it a priority in their budgets? Fair warning...
  - Cyberwar - A Threat to Business, TechTarget (SearchSecurity.com), February, 2007.