Manage

Information security program management

• Advance your security operations center with AI

  Powering a security operations center with AI systems not only automates tasks, but also complements admins' efforts to more effectively combat threats and transform processes. Continue Reading

• The state of cybersecurity risk: Detection and mitigation

  Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring? Continue Reading

• Employ AI for cybersecurity, reap strong defenses faster

  The cyber arms race is never-ending. Learn how to prevail over advanced attacks by putting the latest intelligent technology to service in your cybersecurity program. Continue Reading

• RSA Conference 2020 guide: Highlighting security's human element

  What's happening at the 2020 RSA Conference? Our team keeps you up to date with pre-conference coverage and breaking news from the infosec world's biggest event. Continue Reading

• Put application security testing at the top of your do-now list

  It's time to take a new attitude toward application security. Learn what must be tested and the specific steps that will take your apps from vulnerable to fortified. Continue Reading

• Craft an effective application security testing process

  For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data.Continue Reading

• Zero trust is IT security's best hope for effective defense

  The material collected here provides not just an explanation of why you need to adopt the zero-trust model, it serves as detailed guide on moving from adoption to implementation.Continue Reading

• When cyberthreats are nebulous, how can you plan?

  Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.Continue Reading

• AI threats, understaffed defenses and other cyber nightmares

  Continue Reading

• CISOs, does your incident response plan cover all the bases?

  Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response?Continue Reading

• A cybersecurity skills gap demands thinking outside the box

  Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe.Continue Reading

• AI for good or evil? AI dangers, advantages and decisions

  Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field?Continue Reading

• Heed 5 security operations center best practices before outsourcing

  Understanding the five steps needed to ensure security operations center best practices will help organizations decide whether to outsource their SOC initiatives.Continue Reading

• The case for continuous security monitoring

  When done correctly, continuous security monitoring provides real-time visibility into an organization's IT environment. Here are the best practices for building a CSM program.Continue Reading

• Automating incident response with security orchestration

  Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks.Continue Reading

• Key steps to put your zero-trust security plan into action

  There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company.Continue Reading

• What a proactive cybersecurity stance means in 2019

  Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital.Continue Reading

• Prepping your SIEM architecture for the future

  Is your SIEM ready to face the future? Or is it time for a major tune-up or at least some tweaks around the edges? Learn how to approach your SIEM assessment and updates.Continue Reading

• Why third-party access to data may come at a price

  Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners.Continue Reading

• Continuous security monitoring advances automated scanning

  Battling threats in today's fast-paced cyberworld means shutting down vulnerabilities fast, which requires round-the-clock monitoring. Learn how to make it happen in your company.Continue Reading

• Automated patch management and the challenges from IoT

  From creating an inventory to scanning for IoT vulnerabilities, learn the key steps to take when it comes to automating patch management in your company.Continue Reading

• CISOs map out their cybersecurity plan for 2018

  What's on the short list for enterprise cybersecurity programs in the coming year? As attack vectors increase -- think IoT -- we ask information security leaders to discuss their plans.Continue Reading

• What GDPR requirements mean for U.S. companies

  The EU's General Data Protection Regulation legislation goes into effect in May 2018. Don't assume your European business is too insignificant to need to comply.Continue Reading

• As privacy requirements evolve, CISSPs must stay informed

  Just as technology constantly changes, so too do the laws and regulations that govern data privacy. CISSPs must remain aware of their organization's individual requirements.Continue Reading

• Dedicated security teams: The pros and cons of splitting focus areas

  Could using dedicated security teams that focus on one area of risk help reduce the attack surface for enterprises? Expert Steven Weil looks at the pros and cons of that approach.Continue Reading

• How to organize an enterprise cybersecurity team effectively

  The structure of an enterprise's cybersecurity team is important for ensuring it's as effective as possible. Expert Steven Weil outlines strategies for setting up a security group.Continue Reading

• Should CISOs share the responsibility for a cybersecurity incident?

  CISOs usually take the brunt of the blame when a cybersecurity incident occurs, but should they? Expert Mike O. Villegas details ways CISOs can share the responsibility.Continue Reading

• Is a cybersecurity expert necessary on a board of directors?

  Communicating cybersecurity issues to a board of directors can be challenging. Expert Mike O. Villegas discusses whether a cybersecurity expert on the board would ease the struggle.Continue Reading

• How to handle a problematic cybersecurity expert on your team

  Sometimes hiring a cybersecurity expert to help your security team isn't all it's cracked up to be. Expert Mike O. Villegas explains what CISOs should do when this happens.Continue Reading

• What's the best way to organize the CISO reporting structure?

  The importance of the CISO reporting structure continues to grow as the importance of the CISO grows. Expert Mike O. Villegas discusses who the CISO should report to.Continue Reading

• Want to avoid data breach lawsuits? Get legal on your side

  The CISO's role as the protector of an organization's data intersects with responsibilities of corporate counsel. Here's how to keep the communications flowing in sticky situations.Continue Reading

• Becoming a Global Chief Security Executive Officer

  In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, author Roland Cloutier discusses the primary role of the chief security officer.Continue Reading

• How can a vendor risk assessment help enterprise security?

  Third-party vendors are necessary for organizations, but with them come more security risks. Expert Mike O. Villegas discusses how vendor risk assessments can help.Continue Reading

• Information security culture: How enterprises can build and improve it

  Creating and fostering an information security culture isn't easy. Guest contributor Lance Hayden explains how to do it and how to identify signs of improvement.Continue Reading

• How do chief data officers affect the role of the CISO?

  Chief data officers are becoming more common in enterprises, but how does the presence of this c-level affect the CISO's role? Expert Mike O. Villegas discusses.Continue Reading

• Throwing money at the cybersecurity problem?

  According to market forecasts, more companies are investing in cybersecurity and that spending is likely to increase dramatically in the next few years. MarketsandMarkets has forecast cybersecurity ...Continue Reading

• Incident response procedures speed discovery-response time

  Many companies become aware of a security event but take hours or days to perform triage and finally remediate it. Incident response procedures can vary based on the organization, and the type of security incident, which could involve DDoS attacks, ...Continue Reading

• Cybersecurity products: When is it time to change them?

  Enterprises should assess their cybersecurity products to make sure they're as effective as possible. Expert Mike O. Villegas discusses how to evaluate cybersecurity tools.Continue Reading

• What should CISOs include in security reports?

  Security reports are a good way for CISOs to communicate with the board of directors. Here are specific topics that should be included in the reporting.Continue Reading

• What cybersecurity spending strategies will best help enterprises?

  Increased cybersecurity spending budgets don't happen very often, but when they do CISOs should take advantage of it. Here's how to strategize spending an increased security budget.Continue Reading

• Innovative security key to solving big picture enterprise security woes

  Innovative security should be on everyone's mind according to Eric Cole Ph.D. of the SANS Institute. Learn how to look beyond only day-to-day enterprise security.Continue Reading

• Managed security service providers: Weighing the pros and cons

  Using a managed security service provider can be an appealing option to enterprises, but there are many factors to consider before making the move to outsourcing.Continue Reading

• How can CISOs promote interdepartmental cooperation?

  CISOs should take on the responsibility of encouraging interdepartmental cooperation between the security team and IT operations. Here are five ways to accomplish this lofty task.Continue Reading

• State of the Network study: How security tasks are dominating IT staff

  The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it.Continue Reading

• Want to increase IT security budget dollars? Get in your CEO's head

  John Dickson, principal at Denim Group, talks to SearchSecurity at RSA Conference 2015 about tried and true ways security admins have been able to attain security dollars despite tight resources.Continue Reading

• How should we hire for specialized information security roles?

  A rise in specialized roles puts extra pressure on security hiring. Expert Mike O. Villegas explains how to meet this demand and find talented security professionals.Continue Reading

• What are the benefits of a having a CISO title in an organization?

  Is a CISO title really necessary in an organization? Expert Mike O. Villegas explains why the title matters, as well as the qualities CISOs need to have to assert their importance.Continue Reading

• The CEO refuses cybersecurity best practices: Now what?

  Some executives don't think cybersecurity best practices apply to them. Expert Mike O. Villegas explains how to handle that situation.Continue Reading

• Insider threat programs need people, not technology

  A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program.Continue Reading

• Information security and lawyers: Three ways to be besties

  Legal teams play a key supporting role in successful information security programs. Expert Mike Chapple reviews three areas where infosec pros and lawyers should work together, and offers tips to foster effective collaboration.Continue Reading

• How should organizations make a cybersecurity policy a top priority?

  Supporting a cybersecurity policy should be a priority for executive boards. Expert Joseph Granneman explains how CISOs can effectively communicate its importance.Continue Reading

• What are the best approaches for security budgeting?

  Finding dollars for information security in the enterprise can be challenging. Expert Joseph Granneman offers advice on strategic security budgeting.Continue Reading

• How to increase the importance of information security in enterprises

  Expert Mike Villegas explains how to use the Three C's to emphasize the importance of information security within an organization.Continue Reading

• What's the best way to sell security strategies to executives?

  Selling security strategies to C-levels isn't always an easy task. Expert Joseph Granneman gives some advice on convincing execs of the importance of security.Continue Reading

• The importance of an IT security governance body

  An IT security governance board is a key feature in security budgeting, but who makes up this body? Expert Joseph Granneman outlines the best structure for security governance boards.Continue Reading

• How to explain information security concepts to business executives

  Conveying complex information security models to business executives isn't easy. Here's how IT pros can improve their communication skills.Continue Reading

• Three ways to raise infosec awareness among non-security executives

  Low infosec awareness among C-level execs can hurt security funding. Expert Joseph Granneman details three ways that CISOs can raise that awareness.Continue Reading

• Aligning enterprise identity and access management with CIO priorities

  Randall Gamby says aligning enterprise identity and access management with business and CIO priorities demands a more strategic approach to IAM.Continue Reading

• Division of CISO responsibilities may prevent burnout

  CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs.Continue Reading

• Modern security management strategy requires security separation of duties

  Contributor Matthew Pascucci argues that enterprises need security separation of duties to ensure an effective, modern security management strategy.Continue Reading

• Best practices for information security reward incentive programs

  While employee termination may be necessary in cases of insecure conduct, most employees are more encouraged by the carrot than the stick when it comes to security and compliance.Continue Reading

• Opinion: Security information sharing is a shared responsibility

  Senior Site Editor Eric B. Parizo says infosec pros need to participate in the public dialog for the good of the industry and offers harsh words for companies who silence their own security talent.Continue Reading

• Demystifying governance, risk and compliance

  GRC aims to bring together disparate compliance efforts in the enterprise, but the concept has been stymied by a lack of clarity. Developing a GRC program requires three key steps.Continue Reading

• Aite Group: Take action now to manage remote deposit capture risks

  Fraud losses involving RDC technology have the potential to skyrocket if banks don't work proactively to deal with the risks, research firm says.Continue Reading

• Vendor risk management: process and documentation

  As part of the vendor risk management process, regulators expect information security officers will document vendor relationships and have proper vendor documentation.Continue Reading

• How to write a risk methodology that blends business, security needs

  One security professional describes a homegrown risk methodology currently being used by a large university and a private corporation.Continue Reading

• Security steering committee force CISOs to connect with the business

  Security steering committees provide a forum for security managers and business leaders to discuss security and privacy issues and explore compliance implications of new projects and technology purchases.Continue Reading

• Information security steering committee best practices

  Security steering committees bring HR, finance, legal, IT and audit to the same table, helping facilitate the integration of information security into lines of business.Continue Reading

• Results Chain for Information Security and Assurance

  Continue Reading

• Information Security Blueprint

  Continue Reading

• What are the top five concepts or lessons on security management?

  Many security managers wish their company executives understood more about the importance of information security. Security management expert Mike Rothman lists the top five things every executive should be informed of.Continue Reading

• What are the pros and cons of outsourcing email security services?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.Continue Reading

• M&A: Merging network security policies

  Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the same page. In this tip, contributor Mike Chapple ...Continue Reading

• Best practices for compliance during a merger

  Company mergers involve more than just aligning two different security infrastructures. When one vendor acquires another, it's the handling of compliance issues that can be an IT security staff's toughest task. In this tip, security expert Joel ...Continue Reading

• Executive Security Management

  Continue Reading

• Best practices for security report writing

  Concise, targeted security reports command the attention of the executives who need to act on them. Learn best practices for security report writing.Continue Reading

• Four steps to ensure security deployment success

  Security deployment will go smoother if enterprises step back, ask questions, involve everyone and lower expectations.Continue Reading

• Employee privacy rights: When is it OK to spy on employees?

  Having a sound enterprise policy is everything if your organization wants to "spy" on employees -- otherwise it'll find itself violating employee privacy rights.Continue Reading

• Security survey results: Six information security myths dispelled

  A rose is a rose is a rose, but Information Security magazine and SearchSecurity surveys bust six security myths, proving infosec is maturing as a profession and a practice.Continue Reading

• Cybersecurity and boards of directors: Understanding corporate risk

  Learn how corporate risk can be capitalized on in order to maintain a high profile for cybersecurity among enterprise board of directors.Continue Reading

• Is it best to focus on the technical or business side for a management position?

  Continue Reading