12 Posts

Brian Evans

Senior Managing Consultant, IBM

    Brian Evans, CISSP, CISM, CISA, CGEIT, is a Senior Managing Consultant for IBM Security Services and assists clients in building regulatory-compliant information security programs. With over 20 years of combined experience in IT management, consulting and information security, Brian has served in the role of Chief Information Security Officer for a variety of organizations and worked in various industries. He has led the Incident Response and Computer Forensic Investigations teams for Nationwide Insurance and was Vice President, IT Risk Management at KeyBank and JPMorgan Chase. Brian held director-level positions with the CynergisTek and Computer Task Group consultancy firms and started his career in the U.S. Air Force. He has earned a Master’s in Public Administration from the University of Cincinnati and a B.S. in Business Management from the University of Maryland.

    Written By Brian Evans

    CTRL-ALT-DELETE Before You Leave Your Seat! Security Awareness and Training Through Positive Reinforcement

    Security leaders should infuse positive reinforcement into their security awareness and training programs to encourage users to adopt best practices.

    The Time for IT Asset Management Is Now

    Due to the rapidly shifting technology landscape, a robust, dynamic and well-funded IT asset management program is a prerequisite to success in business.

    Shrink Your Enterprise Cloud Computing Security Concerns With a Cloud Vendor Risk Management Program

    Security professionals need a layered, end-to-end life cycle approach to managing the security risks associated with enterprise cloud computing.

    Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

    For many companies, vulnerability management still amounts to an ongoing game of whack-a-mole to identify and remediate threats.

    Make Attorney-Client Privilege Part of Your Incident Response Strategy

    Attorney-client privilege can be a key asset to an organization's incident response strategy in the event of a security breach.

    The Importance of Building an Information Security Strategic Plan: Part 2

    The CISO should be the central figure responsible for defining an organization's information security strategic plan and aligning it with business goals.

    Business Continuity Management: Crisis Leadership

    Effective business continuity management depends on a strong leader who must implement recovery processes, guide employees and proactively build plans.

    A Business Case for Data Loss Prevention

    Making the business case for data loss prevention solutions can help get executives on board with the investment, but it's not an easy task.

    The Importance of Building an Information Security Strategic Plan

    When developing an information security strategic plan, your business must implement initiatives and measures that reflect its long-term goals.

    Key Components of a High-Performing Information Risk Management Program

    Establishing a high-performing information risk management program requires efforts focused on risk identification, data protection and user behavior.