Tag: compliance
Like many organizations, yours is likely using AI – or at least thinking about deploying it soon. But how can you ensure you use it securely, responsibly, ethically and in compliance with regulations? Check out best practices, guidelines and tips in this special edition of the Tenable Cybersecurity Snapshot! If your organization is using artificial…
Read More
The constructs of a business model canvas are rooted in scientific modeling, business modeling, and system information modeling—all driven by logic. The business model canvased is modeled using the following: Inputs (This is what we want to do) What are our goals and objectives? (Value Proposition) Who and where do we need to engage…
Read MoreWhat better way to diagnose a failed security program than to point at an inferior assessment of risk? If an organization omits or misjudges a critical risk, then the decisions that flow from that finding will be incorrect. A problem with standardizing risk assessment is that the measurement of relevant risk is going to…
Read More
For the past 15 years, American organizations have lived in the shadow of breach disclosure. It all began in California under SB-13861 in 2002, which mandated written notification of victims of privacy breaches of unencrypted personal data. The law covers organizations located in or doing business in California. Because California is the most populous state…
Read MoreIn Part I of this blog series, we introduced information modeling as a method to reduce compliance gaps. In this blog, we create a master model of protection based on the business model of a fictitious company called Eclipse Cloud Services (ECS). The master protection model forms the basis of contextualizing access to the infrastructure,…
Read MoreOver the past 11 years, I’ve done hundreds of audits for organizations of all sizes around the world. I specialize in audits for SSAE 16/18 (SOC1 and SOC2),1 Sarbanes Oxley,2 and PCI DSS.3 I’ve seen a lot of audit failures, and there are some common themes to them from which other companies can learn. My work…
Read MoreAccording to a 2015 study by Georgia Tech Information Security Center, 40 percent of CISOs reported to the CIO or CTO rather than directly to upper leadership.1 A forthcoming F5 Ponemon CISO research report will show that the trend is shifting away from CISOs reporting into the IT organization. From a legacy point of view,…
Read MoreF5 Labs recently featured a CISO-to-CISO blog post by an experienced auditor, Kyle Robinson, discussing how most organizations fail audits. I’ve been through quite a few audits myself, including a number by the author of that blog. Here are six ways to avoid the common audit failures he spelled out. Get Prioritization from the Top Until…
Read MoreInternal and external threat landscapes are made up of the same system components. Differentials are based on implementation and technology choices. Hosting Resources The way a solution is deployed, the type of cloud service, and the tenant model make up an organization’s hosting resources and provide the basis for the threat landscape. Why? This…
Read MoreSeveral surveys talk about CISO salaries and job prospects, but we felt that the industry as a whole needed to fully understand what goes into the day-to-day job of a CISO. F5 and research firm Ponemon teamed to survey CISOs to draw as complete a picture as we could on the modern security executive. In…
Read More