Blog Posts Tagged with "CISO"

673de21f2652135087d940b7f65c4b5e

The Five Things CSOs Need to Know About Software-Defined Security

January 19, 2015 Added by:Carson Sweet

Software-defined security changes the game for the CISO and their teams. Security can now move to being an enabler for enterprises that are taking advantage of the business value offered by cloud services and infrastructure, without sacrificing security or compliance.

Comments  (2)

Ffc4103a877b409fd8d6da8f854f617e

CISOs Share Top 10 Tips for Managing IT Security Vendors

July 31, 2013 Added by:InfosecIsland News

Austin-based Wisegate has released a report that provides top 10 tips from leading CISOs to help IT professionals manage security vendors.

Comments  (0)

6d117b57d55f63febe392e40a478011f

Enter the CISO: Torchbearer of Security and Risk Management

April 06, 2013 Added by:Anthony M. Freed

In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

CISO Challenges: The Build vs. Buy Problem (1:2)

January 21, 2013 Added by:Rafal Los

Change control, application security reviews, incident response, policy review, audit preparation, acquisition due-diligence... all of these require people, money and time - but you've got it all in short supply. Here's one way of looking at making the decision of what to build, and what to outsource...

Comments  (0)

65c1700fde3e9a94cc060a7e3777287c

Information Security: Why Bother?

December 09, 2012 Added by:Simon Moffatt

The question, often raised as a bargaining tool, is often focused on the, ‘well I understand what you propose and I know it will increase the security of scenario X, but why should I do it?’. In honesty, it is a good question...

Comments  (3)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Security ROI "Death Spiral"

November 18, 2012 Added by:Rafal Los

The worst thing that can happen to a CISO is to get trapped in the ROI Death Spiral. I know, I know, we’ve all been told that we need to justify cost, manage expense, use the tools our companies provide us, etc. CISOs that don’t play by the rules won’t get anywhere...

Comments  (0)

1b061b1cec6b5898e5326992d9461610

Infosec’s Most Dangerous Game: Groupthink

November 07, 2012 Added by:Dave Shackleford

These days, I am very, very afraid for the future of CISOs. Over the past few years, and specifically the past 12 months, I have become increasingly alarmed at the level of “groupthink” and “synchronized nodding” going on with security executives. Here are some of the things I am seeing...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

CISO Concerns: Security vs. Usability, Affordability

October 25, 2012 Added by:Rafal Los

Recently in New York city we hosted a CISO-level event where we discussed various issues experienced during the life of an enterprise security program. CISOs brought up various topics from budgeting to being overwhelmed with constantly evolving threats - but one in particular caught my attention...

Comments  (2)

0a8cae998f9c51e3b3c0ccbaddf521aa

Your Next Critical Security Project May Not Be What You Think

October 23, 2012 Added by:Rafal Los

If we're honest with ourselves, we can look around the organization and find several projects that even though they are implementation-complete, are hardly "complete" as they sit. Too often after a catastrophic failure, or security incident we're pre-disposed to making hasty purchases to effectively stop the bleeding...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

CISO Lessons Learned

October 11, 2012 Added by:Tripwire Inc

The lessons they learn are not just from traditional infosec forensics – they also look at other parts of the business who contributed to the issue, were impacted by the incidents, or who were involved in response – and their learnings can include virtually any aspect of the chain of event...

Comments  (0)

54a9b7b662bfb0f0445d1661d7ed180b

Chief Information Security Officer (CISO) Certified?

September 09, 2012 Added by:Jayson Wylie

The requirements involved with obtaining a certification past September 30th 2012 may not be beneficial for a CISO, andI do not know how applicants with this new certification will stand apart from those with graduate degrees in their understanding of security solutions...

Comments  (8)

1de705dde1cf97450678321cd77853d9

Blame the Silver Heads?

July 17, 2012 Added by:Ian Tibble

The idea that CEOs are responsible for all our problems is one of the sacred holy cows of the security industry. Security analysts, managers, self-proclaimed "Evangelists", "Subject Matter Experts", ad infinitum are responsible for the problems. Lets look at ourselves before blaming others...

Comments  (4)

0a8cae998f9c51e3b3c0ccbaddf521aa

Do You Really Need a CISO to Have Security?

June 17, 2012 Added by:Rafal Los

In the analysis of it, every organization needs to have someone responsible for the technology-based risk or security of the organization. Whether that's the Technology Manager, the CISO, or the "IT guy". I just want to see better security, more resiliency, and less technical risk....

Comments  (6)

296634767383f056e82787fcb3b94864

LinkedIn Failed to Meet Standards or Better Standards are Needed

June 10, 2012 Added by:Jeffrey Carr

LinkedIn doesn't have a CSO or CISO, which for a publicly traded company communicates that security is not a priority. Considering they still don't know how this breach occurred and the minimal attention payed to password security, I can't help but wonder how secure the credit card information is...

Comments  (0)

C787d4daae33f0e155e00c614f07b0ee

CISO 2.0: Enterprise Umpire or Wide Receiver?

May 21, 2012 Added by:Robb Reck

In security, our challenge to demonstrate to the business that the money they invest in us goes further than just keeping us out of the newspaper. Security can deliver tangible benefits out to the business. An effective security program can reduce the costs of creating products...

Comments  (2)

9f19bdb2d175ba86949c352b0cb85572

Manage Risk Before it Damages You - Part Two

April 01, 2012 Added by:Neira Jones

For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...

Comments  (2)

Page « < 1 - 2 > »