Tag: CISO
Over the past 11 years, I’ve done hundreds of audits for organizations of all sizes around the world. I specialize in audits for SSAE 16/18 (SOC1 and SOC2),1 Sarbanes Oxley,2 and PCI DSS.3 I’ve seen a lot of audit failures, and there are some common themes to them from which other companies can learn. My work…
Read MoreAccording to a 2015 study by Georgia Tech Information Security Center, 40 percent of CISOs reported to the CIO or CTO rather than directly to upper leadership.1 A forthcoming F5 Ponemon CISO research report will show that the trend is shifting away from CISOs reporting into the IT organization. From a legacy point of view,…
Read MoreF5 Labs recently featured a CISO-to-CISO blog post by an experienced auditor, Kyle Robinson, discussing how most organizations fail audits. I’ve been through quite a few audits myself, including a number by the author of that blog. Here are six ways to avoid the common audit failures he spelled out. Get Prioritization from the Top Until…
Read MoreAs security professionals, whether we know it or not, we all have a role to play in protecting the critical infrastructure. We see almost daily in the news that ordinary people around the world are being targeted in cyberattacks by terrorist groups, nation states, and organized crime groups. These groups use cybercrime to advance their…
Read MoreCan Engineers Build Networks Too Complicated for Humans to Operate? Part I: Scope of the Problem
- by nlqip
In this blog series, I explore the challenges of the information security practitioner, discussing how technical evolution simultaneously contributes new issues but presents new techniques for solving these issues. I begin with an academic question: Can humans create a system so large that the problems surrounding it are not solvable at human scale? There are…
Read MoreIt seems earthshaking vulnerabilities are released weekly that leave vendors and system administrators scrambling to remediate. So, where are all these vulnerabilities coming from? A simple search on the National Vulnerability Database shows over 3,300 new vulnerabilities released in just the past 3 months.1 Granted that many of these vulnerabilities are esoteric and limited to…
Read MoreAchieving Multi-Dimensional Security Through Information Modeling—Executive Threat Modeling Part 3
- by nlqip
Internal and external threat landscapes are made up of the same system components. Differentials are based on implementation and technology choices. Hosting Resources The way a solution is deployed, the type of cloud service, and the tenant model make up an organization’s hosting resources and provide the basis for the threat landscape. Why? This…
Read MoreAccording to Verizon’s 2014 Data Breach Investigations Report,1 “Web applications remain the proverbial punching bag of the Internet.”2 Things haven’t improved much since then. What is it about web applications that makes them so precarious? There are three primary answers. First, since most web applications are configured or coded specifically for the organizations they serve,…
Read MoreImage by Eva Rinaldi / License Creative Commons 3. The Nation State One of the supposed benefits of bitcoin and other cryptocurrencies is that they aren’t tied to any particular nation state. This prevents bitcoin assets from being frozen by the state, and gives consumers the freedom to do anything they want with their money.10 State sponsorship of…
Read MoreSeveral surveys talk about CISO salaries and job prospects, but we felt that the industry as a whole needed to fully understand what goes into the day-to-day job of a CISO. F5 and research firm Ponemon teamed to survey CISOs to draw as complete a picture as we could on the modern security executive. In…
Read MoreRecent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA