View All News

CISO Get Started

Bring yourself up to speed with our introductory content

  • How can the CISO become a business enabler?

    For a cybersecurity program to be effective, CISOs must be viewed as business enablers. Kudelski Security's John Hellickson offers tips on how CISOs can make the transformation. Continue Reading

  • Cybersecurity roadmap: What's driving CISOs' agendas for 2018

    Omar F. Khawaja, CISO at Highmark Health, has five areas of focus on his cybersecurity roadmap, and technology is not at the top of the list. Instead, he is prioritizing organizational change management and building an effective decision-making framework for the security leaders of the national healthcare provider and insurer.

    While Khawaja's cybersecurity roadmap may sound ambitious, his focus on risk management and team decision-making to align the security program with the healthcare organization's business strategy is far from unique. Studies show that executives increasingly recognize that a cyberattack could cripple their operations and mean millions in lost business and reputational damage as well as in cleanup costs.

    "CISOs are now charged with defending this digital infrastructure, and that includes software everywhere and data as a resource, and that's a massive change at a time when the attack surface keeps expanding," says Jeff Pollard, an analyst at Forrester Research.

    In this issue of Information Security magazine, security professionals detail the process of developing effective one-year plans. Why do companies struggle to strengthen their cybersecurity roadmap? We look at effective planning, what could go wrong and how to get support for your strategy.

     Continue Reading

  • Will it last? The marriage between UBA tools and SIEM

    The failure to detect insider threats and a growing need to store and sort through massive amounts of data have drawn attention to user behavior analytics, sometimes called user and entity behavior analytics. According to Gartner, UBA tools deliver value for use cases such as compromised accounts, including stolen and phished credentials. They can also be used to find compromised systems and data exfiltration.

    Security platforms like data loss prevention, endpoint security and cloud access security brokers will increasingly layer or incorporate UBA features to help analyze alerts and make underlying technology more useful, according to analysts. SIEM and UBA are also converging, with SIEM vendors adding UBA tools and UBA vendors building SIEM systems.

    In this issue of Information Security magazine, we look at the dynamics around UBA and strategies for CISOs going forward. UBA vendors are releasing product suites targeted at security operations centers, today built around SIEM. What does the future hold for standalone UBA tools? We look at time to value and use cases, and help you sift through the noise.

     Continue Reading

View All Get Started

Evaluate CISO Vendors & Products

Weigh the pros and cons of technologies, products and projects you are considering.

  • Cybersecurity methods, threats similar across public and private sectors

    For Xerox CISO and former White House deputy CIO Alissa Johnson, cybersecurity lessons learned in the public sector are proving relevant in her current role. Continue Reading

  • The GDPR right to be forgotten: Don't forget it

    Nexsan's Gary Watson explains that the GDPR right to be forgotten will be an important piece of the compliance picture and means deleting data securely, completely and provably when customers ask for it. Continue Reading

  • Cloud access security brokers: Hard to tell what's real

    Most cloud access security brokers offer CISOs a way to set policy and gain better understanding of multiple cloud services and data in use across the enterprise. As CASBs have gained momentum in recent years, use cases for them have expanded. Do these tools fill the gaps around visibility and control of software as a service and other cloud services?

    Although cloud service visibility and data leak protection continue to be the biggest drivers, cloud access security brokers can do more than just help with your shadow IT problem and unsanctioned application activity in the cloud.

    Organizations are increasingly looking to use cloud access security brokers to identify anomalies in data movement between on-premises and cloud apps as well as multiple cloud services. Malware identification and encryption of data have become important. More enterprises are also beginning to use CASBs or similar intermediary security technologies to provide some level of security policy management for custom identity-as-a-service platforms.

    In this issue of Information Security magazine, we look at cloud access security brokers and the best ways to evaluate new models, such as infrastructure as a service and platform security.

     Continue Reading

View All Evaluate

Manage CISO

Learn to apply best practices and optimize your operations.

  • Cloud security threats in 2018: Get ahead of the storm

    Consistent security for all data from cloud providers and third-party partners is what many consider the next evolution of cloud. The biggest cloud security threats for most companies, however, result from in-house staff mistakes, lack of patching and misconfiguration.

    Even when the risks associated with cloud security threats are high, the cost benefits to organizations outweigh the risks. Enterprise spending for public cloud services worldwide is expected to reach $160 billion in 2018, according to the International Data Corporation. Software as a service still has the highest growth, followed by infrastructure as a service and platform as a service. Many technology platforms take advantage of public cloud security features, but large-scale clouds don't always mean large-scale threat protection. What cloud security threats should you watch out for in 2018?

    "It seems like there's a lot of money to be made in cryptocurrency, and it is so much easier to attack [the internet of things] with Linux malware," said Mounir Hahad, head of threat research at Juniper Networks.

    Botnets increasingly pose cloud security threats, powering distributed denial of service, ransomware and other crippling attacks. Ransomware remains one of the most lucrative for cybercriminals, who can easily find ransomware kits online. In this issue of Information Security magazine, we look at cloud security in 2018 and strategies to protect sensitive data from internal and external threats.

     Continue Reading

  • Healthcare CISO: 'Hygiene and patching take you a long way'

    Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details. Continue Reading

  • Do CISOs need computer science degrees?

    Equifax's CISO came under fire for having a music degree. David Shearer, CEO of (ISC)2, discusses what type of education infosec professionals should have. Continue Reading

View All Manage

Problem Solve CISO Issues

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

View All Problem Solve