March 30, 2018
It took a nation-state attack for Alan Levine to realize the importance of implementing a cyber awareness program. "I believed that cyber awareness training was useless because I believed my users ...
March 25, 2018
The position of Chief Information Security Officer (CISO) has become well established in recent years, but where is it heading next? For many it is often perceived as an inward-directed role more ...
February 23, 2018
Bloggers delve into CISO information security objectives, Juniper's new product release and how self-sufficient networking teams should try to be in an area of increasing complexity.
February 22, 2018
With the EU's General Data Protection Regulation looming, Qualys' Darron Gibbard discusses GDPR data breach notifications, and more with the EU's new privacy law.
CISO Get Started
Bring yourself up to speed with our introductory content
For a cybersecurity program to be effective, CISOs must be viewed as business enablers. Kudelski Security's John Hellickson offers tips on how CISOs can make the transformation. Continue Reading
Omar F. Khawaja, CISO at Highmark Health, has five areas of focus on his cybersecurity roadmap, and technology is not at the top of the list. Instead, he is prioritizing organizational change management and building an effective decision-making framework for the security leaders of the national healthcare provider and insurer.
While Khawaja's cybersecurity roadmap may sound ambitious, his focus on risk management and team decision-making to align the security program with the healthcare organization's business strategy is far from unique. Studies show that executives increasingly recognize that a cyberattack could cripple their operations and mean millions in lost business and reputational damage as well as in cleanup costs.
"CISOs are now charged with defending this digital infrastructure, and that includes software everywhere and data as a resource, and that's a massive change at a time when the attack surface keeps expanding," says Jeff Pollard, an analyst at Forrester Research.
In this issue of Information Security magazine, security professionals detail the process of developing effective one-year plans. Why do companies struggle to strengthen their cybersecurity roadmap? We look at effective planning, what could go wrong and how to get support for your strategy. Continue Reading
The failure to detect insider threats and a growing need to store and sort through massive amounts of data have drawn attention to user behavior analytics, sometimes called user and entity behavior analytics. According to Gartner, UBA tools deliver value for use cases such as compromised accounts, including stolen and phished credentials. They can also be used to find compromised systems and data exfiltration.
Security platforms like data loss prevention, endpoint security and cloud access security brokers will increasingly layer or incorporate UBA features to help analyze alerts and make underlying technology more useful, according to analysts. SIEM and UBA are also converging, with SIEM vendors adding UBA tools and UBA vendors building SIEM systems.
In this issue of Information Security magazine, we look at the dynamics around UBA and strategies for CISOs going forward. UBA vendors are releasing product suites targeted at security operations centers, today built around SIEM. What does the future hold for standalone UBA tools? We look at time to value and use cases, and help you sift through the noise. Continue Reading
Evaluate CISO Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
For Xerox CISO and former White House deputy CIO Alissa Johnson, cybersecurity lessons learned in the public sector are proving relevant in her current role. Continue Reading
Nexsan's Gary Watson explains that the GDPR right to be forgotten will be an important piece of the compliance picture and means deleting data securely, completely and provably when customers ask for it. Continue Reading
Most cloud access security brokers offer CISOs a way to set policy and gain better understanding of multiple cloud services and data in use across the enterprise. As CASBs have gained momentum in recent years, use cases for them have expanded. Do these tools fill the gaps around visibility and control of software as a service and other cloud services?
Although cloud service visibility and data leak protection continue to be the biggest drivers, cloud access security brokers can do more than just help with your shadow IT problem and unsanctioned application activity in the cloud.
Organizations are increasingly looking to use cloud access security brokers to identify anomalies in data movement between on-premises and cloud apps as well as multiple cloud services. Malware identification and encryption of data have become important. More enterprises are also beginning to use CASBs or similar intermediary security technologies to provide some level of security policy management for custom identity-as-a-service platforms.
In this issue of Information Security magazine, we look at cloud access security brokers and the best ways to evaluate new models, such as infrastructure as a service and platform security. Continue Reading
Learn to apply best practices and optimize your operations.
Consistent security for all data from cloud providers and third-party partners is what many consider the next evolution of cloud. The biggest cloud security threats for most companies, however, result from in-house staff mistakes, lack of patching and misconfiguration.
Even when the risks associated with cloud security threats are high, the cost benefits to organizations outweigh the risks. Enterprise spending for public cloud services worldwide is expected to reach $160 billion in 2018, according to the International Data Corporation. Software as a service still has the highest growth, followed by infrastructure as a service and platform as a service. Many technology platforms take advantage of public cloud security features, but large-scale clouds don't always mean large-scale threat protection. What cloud security threats should you watch out for in 2018?
"It seems like there's a lot of money to be made in cryptocurrency, and it is so much easier to attack [the internet of things] with Linux malware," said Mounir Hahad, head of threat research at Juniper Networks.
Botnets increasingly pose cloud security threats, powering distributed denial of service, ransomware and other crippling attacks. Ransomware remains one of the most lucrative attacks for cybercriminals, who can easily find ransomware kits online. In this issue of Information Security magazine, we look at cloud security in 2018 and strategies to protect sensitive data from internal and external threats. Continue Reading
Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details. Continue Reading
Equifax's CISO came under fire for having a music degree. David Shearer, CEO of (ISC)2, discusses what type of education infosec professionals should have. Continue Reading
Problem Solve CISO Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Speed-to-market strategies shouldn't be bogged down by IT security. Here are two steps that will help CISOs adapt governance practices to support IT speed. Continue Reading
The new CISO at Delta Air Lines earned her wings by sticking with security from the start. As the airline industry faces new challenges, Deborah Wheeler takes on a leadership role. Continue Reading
Security vendor hype is a problem CISOs often have to deal with. Expert Mike O. Villegas discusses some ways to cut through the hype and make smart purchasing decisions. Continue Reading