Information security program management

CISOs and information security programs are vital to protecting enterprises against today's cyber threats. In this resource centers, get the latest news and advice about CISO practices, infosec prrogram management and more.

Top Stories

Answer 19 Jul 2024
How to protect port 139 from SMB attacks

Keeping port 139 open is perfectly normal -- but only for good reason. Without the proper protections, it can present a major security risk. Continue Reading
By
- Michael Cobb
Tip 01 Jul 2024
Top 10 cybersecurity interview questions and answers

Interviewing for a job in cybersecurity? Memorizing security terms won't cut it. Here are the 10 interview questions you should be ready for -- and how to answer them. Continue Reading
By
- Steve Zurier, ZFeatures

Feature 06 Feb 2024
20 free cybersecurity tools you should know about

Cybersecurity products can get pricy but there are many excellent open source tools to help secure your systems and data. Here's a list of some of the most popular with cyber pros. Continue Reading
By
- Andy Patrizio
Tip 01 Feb 2024
10 cybersecurity best practices and tips for businesses

Looking to improve your business's cybersecurity program? Study these 10 cybersecurity best practices and tips. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 29 Jan 2024
What is attack surface management and why is it necessary?

Attack surface management approaches security from the attacker's perspective. Learn how ASM can help better secure your organization's assets and resources. Continue Reading
By
- Michael Cobb
Feature 23 Jan 2024
Top incident response service providers, vendors and software

Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading
By
- Paul Kirvan
Definition 05 Jan 2024
Computer Emergency Response Team (CERT)

A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents. Continue Reading
By
- Peter Sullivan
Definition 21 Nov 2023
CISO as a service (vCISO, virtual CISO, fractional CISO)

A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider. Continue Reading
By
- Ben Lutkevich, Site Editor
Tip 28 Sep 2023
How to develop a cybersecurity strategy: Step-by-step guide

A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective, actively supported and evolving. Here are the four steps required to get there. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 01 Sep 2022
Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Tip 27 Oct 2021
5 IT security policy best practices

As businesses and technologies grow and evolve, it's important IT security policies do, too. Follow these five best practices to ensure policies are fresh and relevant. Continue Reading
By
- Diana Kelley, SecurityCurve
Feature 26 Oct 2021
5 cybersecurity personality traits for a successful career

In this excerpt of 'Confident Cyber Security,' author Jessica Barker outlines five cybersecurity personality traits employers look for in job candidates. Continue Reading
By
- Isabella Harford, TechTarget
- Kogan Page
Feature 26 Oct 2021
How to start a career in cybersecurity from the human side

Discover how the co-founder of an infosec consultancy and author of 'Confident Cyber Security' started her career and became a leader in the human nature side of security. Continue Reading
By
- Isabella Harford, TechTarget
News 24 Sep 2021
Cybersecurity leaders back law for critical infrastructure

In the wake of cyberattacks like Colonial Pipeline, U.S. senators want a national law requiring critical infrastructure companies to report cybersecurity incidents to CISA. Continue Reading
By
- Makenzie Holland, Senior News Writer
Feature 14 Sep 2021
Why companies should use AI for fraud management, detection

AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge. Continue Reading
By
- Isabella Harford, TechTarget
Feature 30 Aug 2021
Malware analysis for beginners: Getting started

With the cybersecurity industry struggling to fill open positions, now is the time to start in the field. Infosec expert Dylan Barker shares what you should know to be a malware analyst. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 30 Aug 2021
Top static malware analysis techniques for beginners

Malware will eventually get onto an endpoint, server or network. Using static analysis can help find known malware variants before they cause damage. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 30 Jun 2021
What is the BISO role and is it necessary?

Relatively new and somewhat controversial, the business information security officer, or BISO, acts as the CISO's tactical and operations-level ambassador to the business units. Continue Reading
By
- Alissa Irei, Senior Site Editor
Feature 02 Jun 2021
Post-pandemic cybersecurity conferences not to miss

In the shadows of the pandemic, threat actors got even more brazen. Security pros can fight back with the aid of expert insights and training at these upcoming conferences. Continue Reading
By
- Rahul Awati
Feature 20 May 2021
4 ways to handle the cybersecurity skills shortage in 2021

More than half of cybersecurity pros say their organizations could do more to manage negative effects of the skills shortage, such as overwork and burnout. Find out how. Continue Reading
By
- Alissa Irei, Senior Site Editor
Feature 17 May 2021
Cyber Defense Matrix makes sense of chaotic security market

The Cyber Defense Matrix aims to help CISOs make strategic, informed security investments that weigh cyber risk mitigation in the context of business constraints and goals. Continue Reading
By
- Alissa Irei, Senior Site Editor
Feature 07 May 2021
Despite confusion, zero-trust journey underway for many

Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 06 May 2021
6 ways to spur cybersecurity board engagement

New research suggests corporate boards are paying closer attention to cybersecurity, but experts say progress is still modest and slow. Continue Reading
By
- Alissa Irei, Senior Site Editor
Definition 06 Apr 2021
dumpster diving

Dumpster diving is looking for treasure in someone else's trash. Continue Reading
By
- Gavin Wright
Feature 11 Feb 2021
4 tips for aligning security with business objectives

Today's most effective CISOs develop cybersecurity strategies that fit their organizations' risk appetites and support business growth. Learn how they do it. Continue Reading
By
- Alissa Irei, Senior Site Editor
Guest Post 19 Jan 2021
Combine ML with human intelligence for your security strategy

As hackers target the ever-increasing complexity of company networks, enterprises need to find a balance between machine learning and human intelligence when protecting systems and data. Continue Reading
By
- Rohit Dhamankar
Feature 04 Dec 2020
7 SecOps roles and responsibilities for the modern enterprise

Now hiring: As organizations increasingly favor proactive cyber threat hunting and detection over bare-bones prevention, SecOps roles and responsibilities are shifting, too. Continue Reading
By
- Alissa Irei, Senior Site Editor
Tip 04 Dec 2020
Counter threats with these top SecOps software options

SecOps tools offer many capabilities to address common threats enterprises face, including domain name services, network detection and response, and anti-phishing. Continue Reading
By
- Kevin Tolly, The Tolly Group
Tip 20 Nov 2020
Pair cyber insurance, risk mitigation to manage cyber-risk

The role of cyber insurance may come after a breach, but it remains a useful element in an organization's vulnerability management strategy. Continue Reading
By
- Paul Kirvan
Tip 20 Nov 2020
Cyber insurance explained, from selection to post-purchase

Before you sign on the dotted line, make sure you understand what cyber insurance can and can't do -- and what type of policy will do the most for you. Continue Reading
By
- Sherri Davidoff, LMG Security
Tip 11 Nov 2020
Note these 5 security operations center best practices

Understanding the five steps needed to ensure security operations center best practices will help organizations decide whether to outsource their SOC initiatives. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Opinion 02 Nov 2020
Cybersecurity for remote workers: Lessons from the front

Tackle the security challenges COVID-19 wrought by using this playbook from an experienced disaster-zone responder. Continue Reading
By
- Rich Mogull, Securosis
Tip 30 Oct 2020
Benefits of virtual SOCs: Enterprise-run vs. fully managed

A virtual security operations center, be it managed in-house or by a third party, is becoming an increasingly popular option to save money and improve reliability. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Tip 23 Sep 2020
5 key enterprise SOC team roles and responsibilities

Review the key players in the 2020 SOC and their specific responsibilities, as well as best practices to ensure effective teamwork for a secure organization. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Guest Post 13 Aug 2020
How security champions can help, despite working remotely

By effectively using collaboration tools, security champions can still spread a company's security message even as most offices stay closed and employees work remotely. Continue Reading
By
- Dan Cornell
Quiz 03 Aug 2020
Test your cybersecurity knowledge with this quick ISM quiz

Read our August 2020 e-zine, and then take this short quiz to test your knowledge of cybersecurity awareness training and other issues -- from types of CISOs to talent recruitment. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Feature 03 Aug 2020
Which type of CISO are you? Company fit matters

Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you. Continue Reading
By
- Alissa Irei, Senior Site Editor
Opinion 03 Aug 2020
The case for cybersecurity by design in application software

Security must be part of IT from the start and then continue through the entire product lifecycle -- design, build, release and maintenance. Consumers now demand it. Continue Reading
By
- Michael Cobb
Feature 03 Aug 2020
10 tips for cybersecurity awareness programs in uncertain times

Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you. Continue Reading
By
- Mary K. Pratt
Opinion 03 Aug 2020
Develop internal cybersecurity talent to build your dream team

Cybersecurity duties have changed, with cloud and coding being essential knowledge now. But CISOs can still build their dream cybersecurity team through internal talent development. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Infographic 03 Aug 2020
7 security awareness statistics to keep you up at night

As if protecting corporate systems and data wasn't hard enough, beware of another potential foe: those well-meaning but woefully uninformed staff members. Continue Reading
By
- Jessica Scarpati
E-Zine 03 Aug 2020

Cybersecurity education for employees: Learn what works

Continue Reading
Opinion 03 Aug 2020
Importance of cybersecurity awareness never greater

Security awareness is more essential than ever, but in a world of increasingly sophisticated threats, making it a reality requires more than set-it-and-forget-it training. Continue Reading
By
- Ben Cole, Executive Editor
Feature 07 Jul 2020
Why COVID-19 won't stop cybersecurity jobs and recruitment

The economy is struggling, and many careers are taking hits, but cybersecurity jobs and careers will likely stay in demand as companies need to keep data and customers safe. Continue Reading
By
- Jonathan Meyers, Guest Contributor
Tip 30 Jun 2020
3 must-ask post-pandemic questions for CISOs

The worldwide health pandemic has created multiple challenges for today's CISOs and their security teams. Ask these three questions to stay safe in a post-pandemic workplace. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Tip 10 Jun 2020
How security teams can prevent island-hopping cyberattacks

Learn how to prevent island-hopping cyberattacks to keep hackers from gaining the confidence of a phishing victim who could then accidentally commit corporate financial fraud. Continue Reading
By
- Nick Cavalancia, Techvangelism
Quiz 06 May 2020
Test your cyber-smarts with this network security quiz

Show what you know about the topics covered in the May 2020 issue of Information Security magazine. If you get nine of 10 answers right, you'll also receive CPE credit! Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Infographic 01 May 2020
The state of cybersecurity risk: Detection and mitigation

Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring? Continue Reading
By
- Jessica Scarpati
Tip 07 Apr 2020
AI pen testing promises, delivers both speed and accuracy

AI is making many essential cybersecurity tasks more effective and efficient. AI-enabled penetration testing, or BAS, technologies are a case in point. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Tip 26 Feb 2020
Stop business email compromise with three key approaches

Why is BEC such a popular attack? Because it works, unfortunately, tempting hackers with huge potential payouts. Learn how to keep them from lining their pockets with your assets. Continue Reading
By
- Nick Cavalancia, Techvangelism
Quiz 06 Feb 2020
Try this cybersecurity quiz to test your (threat) intelligence

Check out our latest issue, and then test your understanding of the material. By passing this quiz, you'll solidify your knowledge and earn CPE credit, too. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Feature 03 Feb 2020
Cisco CISO says today's enterprise must take chances

Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure. Continue Reading
By
- Alissa Irei, Senior Site Editor
Tip 16 Jan 2020
Craft an effective application security testing process

For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
News 08 Nov 2019
Microsoft cybersecurity training to become mandatory for its workers

Microsoft's cybersecurity training program, which uses AI-powered tools to reinforce learning, is mandated for all employees. It will also be launched in a version for customers. Continue Reading
By
- Chris Kanaracus
Feature 06 Nov 2019
4 innovative ways to remedy the cybersecurity skills gap

Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage. Continue Reading
By
- Sharon Shea, Executive Editor
Quiz 04 Nov 2019
Test your grasp of AI threats, privacy regulations and more

Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Opinion 01 Nov 2019
When cyberthreats are nebulous, how can you plan?

Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
E-Zine 01 Nov 2019

AI threats, understaffed defenses and other cyber nightmares

Continue Reading
Opinion 01 Nov 2019
CISOs, does your incident response plan cover all the bases?

Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response? Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Feature 01 Nov 2019
A cybersecurity skills gap demands thinking outside the box

Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe. Continue Reading
By
- Alissa Irei, Senior Site Editor
Infographic 01 Nov 2019
Enterprises feel the pain of cybersecurity staff shortages

It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount. Continue Reading
By
- Jessica Scarpati
01 Nov 2019

AI for good or evil? AI dangers, advantages and decisions

Continue Reading
Answer 29 Oct 2019
What are the roles and responsibilities of a liaison officer?

While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response. Continue Reading
By
- Sharon Shea, Executive Editor
- Mike Rothman, Securosis
Tip 29 Aug 2019
How to navigate the often challenging CISO career path

There's no clear-cut path to becoming a CISO. However, the right security certifications, an ever-questioning attitude and a strong network of CISO peers can help prepare you for the journey. Continue Reading
By
- Ernie Hayden, 443 Consulting LLC
Conference Coverage 14 Aug 2019
Latest news from the Black Hat 2019 conference

Learn the latest from this year's Black Hat conference, Aug. 3 to 8. Our team is in Las Vegas to report on what's new in information security risks, trends and defense tactics. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Opinion 01 Aug 2019
The must-have skills for cybersecurity aren't what you think

The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Tip 25 Jun 2019
What identity governance tools can do for your organization

Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Guide 30 May 2019
How best to secure cloud computing in this critical era

Achieving cloud security today demands you continually update your strategy, policy, tactics and tools. This collection of expert advice helps keep your cloud defenses well-tuned. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Feature 01 May 2019
Huawei ban highlights 5G security issues CISOs must tackle

Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading
By
- Mary K. Pratt
Tip 20 Mar 2019
How automated patch management using SOAR can slash risk

Learn how to use security orchestration, automation and response, also known as SOAR, to ease the hassle of mundane tasks related to patch management. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 20 Mar 2019
Automating incident response with security orchestration

Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 20 Mar 2019
Plugging the cybersecurity skills gap with security automation

Security automation and response promises to help alleviate the shortage of qualified cybersecurity pros. Learn how SOAR helps security teams work smarter, not harder. Continue Reading
By
- Mike Chapple, University of Notre Dame
Conference Coverage 07 Mar 2019
RSAC 2019: Coverage of the premiere security gathering

Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading
By
- Madelyn Bacon, TechTarget
Tip 20 Feb 2019
Key steps to put your zero-trust security plan into action

There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 01 Feb 2019
Top 10 CISO concerns for 2019 span a wide range of issues

From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019. Continue Reading
By
- Mary K. Pratt
Feature 01 Feb 2019
Battling nation-state cyberattacks in a federal leadership vacuum

Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
By
- Robert Lemos
Opinion 01 Feb 2019
What a proactive cybersecurity stance means in 2019

Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Tip 10 Dec 2018
5 actionable deception-tech steps to take to fight hackers

Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture. Continue Reading
By
- Dave Shackleford, Voodoo Security
Podcast 08 Nov 2018
Risk & Repeat: MIT CSAIL discusses securing the enterprise

This week's Risk & Repeat podcast discusses the MIT CSAIL Securing the Enterprise conference and how experts there advocated for new strategies and approaches to infosec. Continue Reading
By
- Rob Wright, Senior News Director
Tip 10 Oct 2018
Give your SIEM system a power boost with machine learning

The enterprise SIEM is still essential to IT defenses, but the addition of AI, in the form of machine learning capabilities, gives it even more potential power. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 10 Oct 2018
The time to consider SIEM as a service has arrived

Now even your SIEM comes in the as-a-service model. Assess whether it's time to consider outsourcing this fundamental tool in your defense lineup. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 10 Oct 2018
Prepping your SIEM architecture for the future

Is your SIEM ready to face the future? Or is it time for a major tune-up or at least some tweaks around the edges? Learn how to approach your SIEM assessment and updates. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Opinion 01 Aug 2018
Why third-party access to data may come at a price

Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners. Continue Reading
By
- Kathleen Richards
27 Jul 2018

Why third-party access to data may come at a price

Continue Reading
Feature 24 Jul 2018
McAfee CISO: The importance of a strong cybersecurity culture

For McAfee CISO Grant Bourzikas, building a strong cyberdefense culture is essential because employees are the first line of defense to avoid rapidly evolving cybersecurity risks. Continue Reading
By
- Mary K. Pratt
Tip 16 Jul 2018
Fine-tuning incident response automation for optimal results

Wondering where to apply automation to incident response in order to achieve the best results? The variety of options might be greater than you imagine. Read on to learn more. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 16 Jul 2018
How to integrate an incident response service provider

Adding a third-party incident response service to your cybersecurity program can bulk up enterprise defenses, but the provider must be integrated carefully to reap the benefits. Continue Reading
By
- Steven Weil, Point B
Feature 25 Jun 2018
Accenture's Tammy Moskites on the cybersecurity gender gap

Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the gender gap in the infosec industry and what can be done to close it. Continue Reading
By
- Rob Wright, Senior News Director
Tip 29 May 2018
Building an effective security program for beginners

Charles Kao explains why continuous learning, observation of merit and appreciation of others are key elements for an effective security program -- and for preventing cyberattacks. Continue Reading
By
- Charles Kao, Simply Auri
News 27 Apr 2018
Atlanta ransomware attack cost city more than $5 million

The bill for remediating the Atlanta ransomware attack that took some government systems offline in March was released, and totals more than $5 million and counting. Continue Reading
By
- Michael Heller, TechTarget
News 27 Mar 2018
Five days after Atlanta ransomware attack, recovery begins

After battling the fallout from an Atlanta ransomware attack for five days, Mayor Keisha Bottoms said City Hall has finally begun to recover and turn systems back on. Continue Reading
By
- Michael Heller, TechTarget
Tip 05 Mar 2018
Continuous security monitoring advances automated scanning

Battling threats in today's fast-paced cyberworld means shutting down vulnerabilities fast, which requires round-the-clock monitoring. Learn how to make it happen in your company. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 05 Mar 2018
Automated patch management and the challenges from IoT

From creating an inventory to scanning for IoT vulnerabilities, learn the key steps to take when it comes to automating patch management in your company. Continue Reading
By
- Mike Chapple, University of Notre Dame
Feature 01 Feb 2018
CISOs map out their cybersecurity plan for 2018

What's on the short list for enterprise cybersecurity programs in the coming year? As attack vectors increase -- think IoT -- we ask information security leaders to discuss their plans. Continue Reading
By
- Mary K. Pratt
Tip 09 Oct 2017
Make your incident response policy a living document

Effective incident response policies must be detailed, comprehensive and regularly updated -- and then 'embedded in the hearts and minds' of infosec team members. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Feature 13 Jun 2017
(ISC)2 CEO on cybersecurity workforce expansion and 2017 Congress

Recently, SearchSecurity editorial director Robert Richardson checked in with (ISC)2's CEO David Shearer as the organization prepares for its fall Security Congress. Continue Reading
By
- Robert Richardson
Tip 06 Apr 2017
Dedicated security teams: The pros and cons of splitting focus areas

Could using dedicated security teams that focus on one area of risk help reduce the attack surface for enterprises? Expert Steven Weil looks at the pros and cons of that approach. Continue Reading
By
- Steven Weil, Point B
Answer 15 Mar 2017
How can CISOs strengthen communications with cybersecurity staff?

Effective CISO communications are key to fostering a healthy relationship with the cybersecurity staff. Expert Mike O. Villegas reviews some ways to build that relationship. Continue Reading
By
- Mike O. Villegas, K3DES LLC
Answer 14 Mar 2017
What effect does a federal CISO have on government cybersecurity?

The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture. Continue Reading
By
- Mike O. Villegas, K3DES LLC
Answer 16 Feb 2017
How does a security portfolio help an enterprise security program?

A security portfolio shouldn't be used as an alternative to a reporting structure, but it can still be beneficial to enterprises. Expert Mike O. Villegas explains how. Continue Reading
By
- Mike O. Villegas, K3DES LLC
Answer 15 Feb 2017
What are the pros and cons of hiring a virtual CISO?

A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons. Continue Reading
By
- Mike O. Villegas, K3DES LLC
Tip 09 Feb 2017
How to organize an enterprise cybersecurity team effectively

The structure of an enterprise's cybersecurity team is important for ensuring it's as effective as possible. Expert Steven Weil outlines strategies for setting up a security group. Continue Reading
By
- Steven Weil, Point B