Mike Rothman is President of independent research firm Securosis. His bold perspectives and
irreverent style are invaluable as companies determine effective strategies to grapple with the
dynamic security threatscape. Mike specializes in the "sexy" aspects of security, like protecting
networks and endpoints, security management, and compliance. After 20 years in and around security,
he’s one of the guys who “knows where the bodies are buried” in the security space. Mike published
“The Pragmatic CSO” in 2007 to introduce technically oriented security professionals to the nuances
of what is required to be a senior security professional.
Securosis Blog
Contributions from Mike Rothman, Contributor
- Why you shouldn't wager the house on risk management mo
- Is it a violation of HIPAA to collect consumer Social Security numbers?
- How can a corporation assess the costs of whole-disk encryption?
- Who is responsible for handling security program development in an IT infrastructure?
- What are the security risks of a corporate divestiture?
- Industry experience vs. security certification credentials
- Protecting consumer data with a fraud and risk assessment policy
- How can I get my CISSP certification?
- What types of software can help a company perform a security risk assessment?
- Is encrypting cookies a PCI DSS requirement?
- Can a vendor be convinced to add security to its application development process?
- What are the proper procedures for handling a potential insider threat?
- Are senior level executives a target for social engineering attacks?
- How to migrate from SAS 70 to ISO 27001
- Defining your security certification objective
- How to prevent audit-logging system from storing passwords?
- COSO and COBIT: The value of compliance frameworks for
- Should PCI DSS auditors be subjective?
- Should all members of a security staff be involved in the risk assessment process?
- Best practices for implementing a retention policy