Tag: CISO

CISOs have a lot on their plates. In addition to overseeing security operations and projects, they also lead and advise their organizations regarding risk. In short, a CISO must grapple with numerous obligations of varying size and complexity. The obvious obligations, such as compliance with regulations and laws, can take up a significant part of…


The CISO can use these techniques to adjust the appropriate subsystems to move and maintain interactions to the desired level. Let’s unpack an example of doing this. Here’s a common security problem: applications and data are spread around everywhere—on the local networks, on laptops at home, on personal machines, on mobile devices, and in…


Recapping RSA 2017: Endpoint Protection, Threat Hunting, and Talent Searching Abound!


Unfortunately, the term “fake news” is now an everyday expression, especially in the political arena. However, accusations of fake news have been around for at least half a century, notably rising in prominence in tabloids. For decades, there has been a vigorous niche of print magazines specializing in embellished and often exaggerated articles and misleading…


This year at RSA, I saw many vendors offering “deceptive defense” solutions. Whether folks were buying them is another matter. The concept of using deception in warfare goes back to the dawn of time. Thousands of years ago, Sun Tzu wrote that “all warfare is based on deception.”1 IT deception as a hacking defense has…


Third parties such as outsourced service providers and SaaS vendors are a fact of life in the IT world. It’s the nature of a hyper-connected world where hundreds (if not thousands) of applications are required to run even a modestly sized organization. There is no alternative but to trust a third party with access to…


Those of us with experience in IT security know there are some risks we just can’t mitigate. In such cases, many of us seek out risk transference through cyber insurance. Case in point: When a well-financed mercenary hacking team overwhelms our defenses, we need a remedy to make us whole and keep the business afloat.…


Beyond the overall status of the program, you need to be able to explain cyber risk in terms that executives can understand. Keep it simple and remember this important nuance: many people don’t realize that risk has two components, likelihood and impact. For example, some people tend to react to catastrophic impacts (what are we doing…


Before you can go beyond something, you have to get there first. The perimeter’s imminent demise has been forecast by any number of people and, to a certain extent, they have a point. Once you start placing lots of gates in your fence and move half your livestock outside of it, you start to wonder…


Stalking is an issue that many CISOs have faced, sometimes unexpectedly. Some stalking cases clearly fall within our job duties. For example, an employee using company IT resources to harass or spy on another individual, employee or not. In these kinds of cases, it is clear that the security team must reach out to the…
