Tag: risk management
I’ve mentioned before how important strong risk management is to a CISO1. When it comes to risk, the applications our users depend on are a big concern. In a 2016 security survey2 conducted by Ponemon Institute on behalf of F5, a majority of respondents cited security around applications as an area of great concern. It makes…
Read MoreCyber security has evolved in ways we never could have imagined. We have more specialized and powerful tools and services today than ever before, security budgets are slowly inching upward, and there are even glimmers of support from management. Yet, with the pace of technological change, the growing “professionalization” of cyber crime, and ever…
Read MoreAccording to a 2015 study by Georgia Tech Information Security Center, 40 percent of CISOs reported to the CIO or CTO rather than directly to upper leadership.1 A forthcoming F5 Ponemon CISO research report will show that the trend is shifting away from CISOs reporting into the IT organization. From a legacy point of view,…
Read MoreIn this blog series, I explore the challenges of the information security practitioner, discussing how technical evolution simultaneously contributes new issues but presents new techniques for solving these issues. I begin with an academic question: Can humans create a system so large that the problems surrounding it are not solvable at human scale? There are…
Read MoreDepending on third parties is inescapable. Every organization needs software, hardware, Internet connectivity, power, and buildings. It’s unlikely they’re going to do all those things themselves. That means that organizations must be dependent on others outside themselves. With that dependence comes risk. F5 recently partnered with Ponemon Institute to survey CISOs. In the report, The Evolving…
Read MoreIn part I of this series, I explored some of the issues surrounding the fact that we have managed to build networks so large and complex that it is essentially impossible to grasp any significant fraction of network activities without asking for help from… the network itself. In this installment, I delve into some actual techniques…
Read MoreFor years I wondered why business groups would move forward with technology initiatives before fully understanding their risk exposure. Focused on the business outcome, teams always wanted to implement first and figure out the risks later. Problem is, risks are intrinsic to business outcomes. A solution is only as valuable as the information flowing through…
Read MoreAccept that breaches are inevitable in today’s world, then take these steps to reduce the chances of a large-scale, headline-making compromise. Source link lol
Read MoreIf you’re not evaluating risk in terms of likelihood and impact, you could be focusing your security efforts in all the wrong places. Source link lol
Read MoreWhether it’s coming from the business units or the IT organization, every company wants to pull off new tech initiatives to create business impact. Thus, we see new functionality. We think it’s cool. We introduce it. …but then a user slips up because of some unforeseen slack in the system. When that happens, suddenly we’re…
Read More