Manage

Information security program management

• Employ AI for cybersecurity, reap strong defenses faster

  The cyber arms race is never-ending. Learn how to prevail over advanced attacks by putting the latest intelligent technology to service in your cybersecurity program. Continue Reading

• RSA Conference 2020 guide: Highlighting security's human element

  What's happening at the 2020 RSA Conference? Our team keeps you up to date with pre-conference coverage and breaking news from the infosec world's biggest event. Continue Reading

• Put application security testing at the top of your do-now list

  It's time to take a new attitude toward application security. Learn what must be tested and the specific steps that will take your apps from vulnerable to fortified. Continue Reading

• Craft an effective application security testing process

  For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data. Continue Reading

• Zero trust is IT security's best hope for effective defense

  The material collected here provides not just an explanation of why you need to adopt the zero-trust model, it serves as detailed guide on moving from adoption to implementation. Continue Reading

• When cyberthreats are nebulous, how can you plan?

  Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.Continue Reading

• AI threats, understaffed defenses and other cyber nightmares

  Continue Reading

• CISOs, does your incident response plan cover all the bases?

  Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response?Continue Reading

• A cybersecurity skills gap demands thinking outside the box

  Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe.Continue Reading

• AI for good or evil? AI dangers, advantages and decisions

  Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field?Continue Reading

• Heed 5 security operations center best practices before outsourcing

  Understanding the five steps needed to ensure security operations center best practices will help organizations decide whether to outsource their SOC initiatives.Continue Reading

• The case for continuous security monitoring

  When done correctly, continuous security monitoring provides real-time visibility into an organization's IT environment. Here are the best practices for building a CSM program.Continue Reading

• Automating incident response with security orchestration

  Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks.Continue Reading

• Key steps to put your zero-trust security plan into action

  There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company.Continue Reading

• What a proactive cybersecurity stance means in 2019

  Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital.Continue Reading

• Prepping your SIEM architecture for the future

  Is your SIEM ready to face the future? Or is it time for a major tune-up or at least some tweaks around the edges? Learn how to approach your SIEM assessment and updates.Continue Reading

• Why third-party access to data may come at a price

  Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners.Continue Reading

• Continuous security monitoring advances automated scanning

  Battling threats in today's fast-paced cyberworld means shutting down vulnerabilities fast, which requires round-the-clock monitoring. Learn how to make it happen in your company.Continue Reading

• Automated patch management and the challenges from IoT

  From creating an inventory to scanning for IoT vulnerabilities, learn the key steps to take when it comes to automating patch management in your company.Continue Reading

• CISOs map out their cybersecurity plan for 2018

  What's on the short list for enterprise cybersecurity programs in the coming year? As attack vectors increase -- think IoT -- we ask information security leaders to discuss their plans.Continue Reading

• What GDPR requirements mean for U.S. companies

  The EU's General Data Protection Regulation legislation goes into effect in May 2018. Don't assume your European business is too insignificant to need to comply.Continue Reading

• As privacy requirements evolve, CISSPs must stay informed

  Just as technology constantly changes, so too do the laws and regulations that govern data privacy. CISSPs must remain aware of their organization's individual requirements.Continue Reading

• Dedicated security teams: The pros and cons of splitting focus areas

  Could using dedicated security teams that focus on one area of risk help reduce the attack surface for enterprises? Expert Steven Weil looks at the pros and cons of that approach.Continue Reading

• How to organize an enterprise cybersecurity team effectively

  The structure of an enterprise's cybersecurity team is important for ensuring it's as effective as possible. Expert Steven Weil outlines strategies for setting up a security group.Continue Reading

• Should CISOs share the responsibility for a cybersecurity incident?

  CISOs usually take the brunt of the blame when a cybersecurity incident occurs, but should they? Expert Mike O. Villegas details ways CISOs can share the responsibility.Continue Reading

• Is a cybersecurity expert necessary on a board of directors?

  Communicating cybersecurity issues to a board of directors can be challenging. Expert Mike O. Villegas discusses whether a cybersecurity expert on the board would ease the struggle.Continue Reading

• How to handle a problematic cybersecurity expert on your team

  Sometimes hiring a cybersecurity expert to help your security team isn't all it's cracked up to be. Expert Mike O. Villegas explains what CISOs should do when this happens.Continue Reading

• What's the best way to organize the CISO reporting structure?

  The importance of the CISO reporting structure continues to grow as the importance of the CISO grows. Expert Mike O. Villegas discusses who the CISO should report to.Continue Reading

• Want to avoid data breach lawsuits? Get legal on your side

  The CISO's role as the protector of an organization's data intersects with responsibilities of corporate counsel. Here's how to keep the communications flowing in sticky situations.Continue Reading

• Becoming a Global Chief Security Executive Officer

  In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, author Roland Cloutier discusses the primary role of the chief security officer.Continue Reading

• How can a vendor risk assessment help enterprise security?

  Third-party vendors are necessary for organizations, but with them come more security risks. Expert Mike O. Villegas discusses how vendor risk assessments can help.Continue Reading

• Information security culture: How enterprises can build and improve it

  Creating and fostering an information security culture isn't easy. Guest contributor Lance Hayden explains how to do it and how to identify signs of improvement.Continue Reading

• How do chief data officers affect the role of the CISO?

  Chief data officers are becoming more common in enterprises, but how does the presence of this c-level affect the CISO's role? Expert Mike O. Villegas discusses.Continue Reading

• Throwing money at the cybersecurity problem?

  According to market forecasts, more companies are investing in cybersecurity and that spending is likely to increase dramatically in the next few years. MarketsandMarkets has forecast cybersecurity ...Continue Reading

• Incident response procedures speed discovery-response time

  Many companies become aware of a security event but take hours or days to perform triage and finally remediate it. Incident response procedures can vary based on the organization, and the type of security incident, which could involve DDoS attacks, ...Continue Reading

• Cybersecurity products: When is it time to change them?

  Enterprises should assess their cybersecurity products to make sure they're as effective as possible. Expert Mike O. Villegas discusses how to evaluate cybersecurity tools.Continue Reading

• What should CISOs include in security reports?

  Security reports are a good way for CISOs to communicate with the board of directors. Here are specific topics that should be included in the reporting.Continue Reading

• What cybersecurity spending strategies will best help enterprises?

  Increased cybersecurity spending budgets don't happen very often, but when they do CISOs should take advantage of it. Here's how to strategize spending an increased security budget.Continue Reading

• Innovative security key to solving big picture enterprise security woes

  Innovative security should be on everyone's mind according to Eric Cole Ph.D. of the SANS Institute. Learn how to look beyond only day-to-day enterprise security.Continue Reading

• Managed security service providers: Weighing the pros and cons

  Using a managed security service provider can be an appealing option to enterprises, but there are many factors to consider before making the move to outsourcing.Continue Reading

• How can CISOs promote interdepartmental cooperation?

  CISOs should take on the responsibility of encouraging interdepartmental cooperation between the security team and IT operations. Here are five ways to accomplish this lofty task.Continue Reading

• State of the Network study: How security tasks are dominating IT staff

  The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it.Continue Reading

• Want to increase IT security budget dollars? Get in your CEO's head

  John Dickson, principal at Denim Group, talks to SearchSecurity at RSA Conference 2015 about tried and true ways security admins have been able to attain security dollars despite tight resources.Continue Reading

• How should we hire for specialized information security roles?

  A rise in specialized roles puts extra pressure on security hiring. Expert Mike O. Villegas explains how to meet this demand and find talented security professionals.Continue Reading

• What are the benefits of a having a CISO title in an organization?

  Is a CISO title really necessary in an organization? Expert Mike O. Villegas explains why the title matters, as well as the qualities CISOs need to have to assert their importance.Continue Reading

• The CEO refuses cybersecurity best practices: Now what?

  Some executives don't think cybersecurity best practices apply to them. Expert Mike O. Villegas explains how to handle that situation.Continue Reading

• Insider threat programs need people, not technology

  A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program.Continue Reading

• Information security and lawyers: Three ways to be besties

  Legal teams play a key supporting role in successful information security programs. Expert Mike Chapple reviews three areas where infosec pros and lawyers should work together, and offers tips to foster effective collaboration.Continue Reading

• How should organizations make a cybersecurity policy a top priority?

  Supporting a cybersecurity policy should be a priority for executive boards. Expert Joseph Granneman explains how CISOs can effectively communicate its importance.Continue Reading

• What are the best approaches for security budgeting?

  Finding dollars for information security in the enterprise can be challenging. Expert Joseph Granneman offers advice on strategic security budgeting.Continue Reading

• How to increase the importance of information security in enterprises

  Expert Mike Villegas explains how to use the Three C's to emphasize the importance of information security within an organization.Continue Reading

• Is your information security spending in line with the risks?

  IT security spending requires 75% of the budget be spent on risk planning. Expert Joseph Granneman explains how to realign a security budget.Continue Reading

• How can enterprises improve security hiring?

  Security hiring is tough and hiring a CISO is tougher. Expert Joseph Granneman reviews how CIOs can attract talented CISOs to an organization.Continue Reading

• How important is a security staff retention strategy?

  Developing a staff retention strategy for your security team is a good idea. Expert Joseph Granneman explains some techniques for keeping security talent.Continue Reading

• What's the best way to sell security strategies to executives?

  Selling security strategies to C-levels isn't always an easy task. Expert Joseph Granneman gives some advice on convincing execs of the importance of security.Continue Reading

• To prevent breaches, change security hierarchy and use better metrics

  The security management hierarchy in most organizations isn't conducive to breach prevention, says Dr. Eric Cole. He explains the critical changes needed to empower CISOs in this month's Security That Works column.Continue Reading

• The importance of an IT security governance body

  An IT security governance board is a key feature in security budgeting, but who makes up this body? Expert Joseph Granneman outlines the best structure for security governance boards.Continue Reading

• How to survive a cybersecurity staff shortage

  Despite today's enterprise cybersecurity staffing crisis, management expert Joseph Granneman says InfoSec success is possible with a sharpened focus.Continue Reading

• Important business skill sets for information security professionals

  Expert Joseph Granneman explains important business skills information security pros need -- and how to acquire them -- as the discipline matures.Continue Reading

• How to explain information security concepts to business executives

  Conveying complex information security models to business executives isn't easy. Here's how IT pros can improve their communication skills.Continue Reading

• Seven Techniques for More Proactive Risk and Security Management

  In this report, you’ll uncover the techniques you need to improve your ability to deal effectively with unforeseen risks.Continue Reading

• Security and Risk Management Program Maturity Assessment

  Good security and risk management requires a wide range of ingredients: Mature business continuity management, compliance, identity and access management, information security management, privacy, and risk management practices. This guide addresses ...Continue Reading

• Three ways to raise infosec awareness among non-security executives

  Low infosec awareness among C-level execs can hurt security funding. Expert Joseph Granneman details three ways that CISOs can raise that awareness.Continue Reading

• Why marketing principles can help a security awareness program succeed

  Veteran CISO Ernie Hayden offers ideas from the realm of marketing to help spread security awareness like a virus -- but in a good way.Continue Reading

• What attributes are necessary to have success in the CISO role?

  With the CISO role being a new addition for many executive teams, expert Joe Granneman says there are several challenges facing security execs.Continue Reading

• How to Define SIEM Strategy, Management and Success in the Enterprise

  Security information and event management technology has traveled a long and winding road, but today enterprise SIEM technology is as functional, manageable and affordable as it's ever been. Yet many enterprises haven't implemented a modern SIEM ...Continue Reading

• Download The Expert's How-to on Vulnerability Management

  This expert guide explores the steps your business can take to develop a data breach incident response plan and prevent data loss incidents. Also discover the five common Web application vulnerabilities and how to prevent against them.Continue Reading

• Information security policy management for emerging technologies

  Veteran CISO Ernie Hayden discusses how to foster infosec policies that secure emerging technologies without being perceived as a business roadblock.Continue Reading

• Why a security conscience is key among CISO responsibilities

  Every firm needs a security conscience, according to expert Ernie Hayden, who says it is critical among key CISO responsibilities.Continue Reading

• Best practices for security report writing

  Continue Reading

• Aligning enterprise identity and access management with CIO priorities

  Randall Gamby says aligning enterprise identity and access management with business and CIO priorities demands a more strategic approach to IAM.Continue Reading

• Information security steering committee best practices

  Continue Reading

• Expert urges security pros to speak out, educate upper management

  Security expert Jayson E. Street explains why security pros must learn to communicate effectively to gain trust from management and empower employees.Continue Reading

• For Target, retailer's risk management program hinged on executive buy-in

  To get executive buy-in, the retailer's risk management program architect had to define success and make sure everyone could speak the same language.Continue Reading

• CISO responsibilities: Commit senior management to security governance

  A CISO’s responsibilities must include convincing executives to take an active role in security governance. Expert Ernie Hayden explains how.Continue Reading

• Division of CISO responsibilities may prevent burnout

  CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs.Continue Reading

• Book chapter: Obtain Buy-In from Stakeholders

  This is an excerpt from the book Security Metrics: A Beginner’s Guide . Author Caroline Wong discussing strategies for managing a team of stakeholdersContinue Reading

• Best practices: Gaining executive support for the software security lifecycle

  Recent BSIMM3 study results provide guidelines for why executive support for the software security lifecycle is so important. Michael Cobb explains.Continue Reading

• Modern security management strategy requires security separation of duties

  Contributor Matthew Pascucci argues that enterprises need security separation of duties to ensure an effective, modern security management strategy.Continue Reading

• Eye On: CISO Management Issues

  SearchSecurity.com's "Eye On" series examines a security topic each month. In June, the series explores cloud contracts, compliance demands, security awareness and risk-based decision making.Continue Reading

• Best practices for information security reward incentive programs

  While employee termination may be necessary in cases of insecure conduct, most employees are more encouraged by the carrot than the stick when it comes to security and compliance.Continue Reading

• Opinion: Security information sharing is a shared responsibility

  Senior Site Editor Eric B. Parizo says infosec pros need to participate in the public dialog for the good of the industry and offers harsh words for companies who silence their own security talent.Continue Reading

• Demystifying governance, risk and compliance

  GRC aims to bring together disparate compliance efforts in the enterprise, but the concept has been stymied by a lack of clarity. Developing a GRC program requires three key steps.Continue Reading

• Secure your remote users in 2010

  As companies shave operational costs by hiring more remote workers, IT security teams should plan to protect sensitive data being used by a highly mobile workforce in 2010.Continue Reading

• How to use Internet security threat reports

  Security threat reports help drive security vendor business, but they can also provide some useful information for IT security pros.Continue Reading

• New partnerships, creative thinking help security bust recession

  The economy is forcing organizations to be more resourceful and bury the hatchet. And that's a good thing.Continue Reading

• How to write a risk methodology that blends business, security needs

  One security professional describes a homegrown risk methodology currently being used by a large university and a private corporation.Continue Reading

• Service-focused security offers best value to organization

  A service-oriented approach is the best way to demonstrate security's value and win support for security initiatives.Continue Reading

• Mimic the IBM approach to security at RSA

  Columnist Eric Ogren says IBM's announcements at the 2009 RSA Conference should remind security pros that security should be built into business initiatives rather than layered on as an afterthought.Continue Reading

• Best practices for choosing an information security team new hire

  Hiring someone for your information security team? In this expert response, information security management expert David Mortman explains what relevant information security experience is.Continue Reading

• Security steering committee force CISOs to connect with the business

  Security steering committees provide a forum for security managers and business leaders to discuss security and privacy issues and explore compliance implications of new projects and technology purchases.Continue Reading

• Information security steering committee best practices

  Security steering committees bring HR, finance, legal, IT and audit to the same table, helping facilitate the integration of information security into lines of business.Continue Reading

• Maintaining a strong security program during a recession, layoffs

  Learn to maintain security during tough economic times and budget cuts when big corporations such as Merrill lynch, Wachovia and Chase, B of A are doing layoffs.Continue Reading

• Results Chain for Information Security and Assurance

  Continue Reading

• Information Security Blueprint

  Continue Reading

• What are the top five concepts or lessons on security management?

  Many security managers wish their company executives understood more about the importance of information security. Security management expert Mike Rothman lists the top five things every executive should be informed of.Continue Reading

• What are the pros and cons of outsourcing email security services?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.Continue Reading

• M&A: Merging network security policies

  Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the same page. In this tip, contributor Mike Chapple ...Continue Reading

• Ensuring Web application security during a company merger

  When companies merge, so must their Web application infrastructures. Securing and integrating applications, however, can be a struggle without cooperation from all sides. In this tip, Michael Cobb explains how a merged organization can avoid turf ...Continue Reading

• Best practices for compliance during a merger

  Company mergers involve more than just aligning two different security infrastructures. When one vendor acquires another, it's the handling of compliance issues that can be an IT security staff's toughest task. In this tip, security expert Joel ...Continue Reading