February 22, 2017
One expert warned there can be a disconnect between what security remediation means to CISOs and what researchers announce because of divergent objectives.
January 20, 2017
Retired Brig. Gen. Gregory Touhill stepped down as the federal CISO, leaving questions surrounding the future of the position and the work he has done.
August 18, 2016
This week, bloggers explore antifragile network design and management, networking acquisitions and CISO portfolio management.
May 31, 2016
With the explosion of the Internet of Things, it's time to rethink the CISO role -- including who that role reports to. This was the consensus of a panel of security leaders at this month's MIT ...
CISO Get Started
Bring yourself up to speed with our introductory content
The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.
CISOs may be unfamiliar with cloud service-level agreements, but they're still a necessary part of enterprise security. Expert Mike O. Villegas has some tips to build cloud SLAs.
The automation of development and operations processes, known as DevOps, is catching on in project teams and business units across industries. The missing component in many of these high-risk scenarios? Security. To make DevOps and security work together, CISOs need to have ongoing collaboration with developers, automating security checks early in the process and providing them with visibility and feedback. In this issue, early adopters of the DevOps and security model share tips on how to defend the cloud's continuous improvement model.
Retailers, led by Wal-Mart Stores, Home Depot and the National Retail Federation, contend that the two-factor authentication provided by chip and PIN card technology offers the highest level of security. Financial institutions, led by Visa, MasterCard and the American Bankers Association, say it's the microchip embedded in the card that matters because it combats counterfeit fraud. We look at both sides of the chip and PIN card debate.
The consequences of a company's failure to stay apprised of data protection laws and to implement best practices can be dire. Organizations may find themselves not only targets of post-breach lawsuits, but on the receiving end of the Federal Trade Commission's scrutiny. By pooling the collective knowledge of the legal and IT security organizations, and by staying on top of requirements and updating them as appropriate, CISOs can cover all of their bases in a comprehensive way. We tell you how to set up the swim lanes of a legal partnership.
Evaluate CISO Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture.
A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.
There can often be two types of CISOs: the builder and the stabilizer. Expert Mike O. Villegas discusses the pros and cons of each type and the roles they play.
Learn to apply best practices and optimize your operations.
Faced with the demands of derivatives trading, CSO John Masserini understands the value of aligning controls with business risk. We ask him how he does it.
Healthcare organizations need to connect procurement and cybersecurity to avoid common mistakes that could compromise medical device security, says a healthcare CISO.
As head of FICO's information security program, Vickie Miller's role is wide-ranging.
Problem Solve CISO Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Security vendor hype is a problem CISOs often have to deal with. Expert Mike O. Villegas discusses some ways to cut through the hype and make smart purchasing decisions.
Opting out of a vendor contract for security reasons can be a tough decision for CISOs. Expert Mike O. Villegas discusses how NASA handled the situation and what CISOs can do.
Security employee tenure is shorter than in most industries. Expert Mike O. Villegas outlines five budget-friendly steps CISOs can take to help lengthen it.