By Gary Hayslip
As a CISO, you will find your job requires you to have experience in many areas.
As the leading cyber security executive for your organization, you will be expected to manage your organization's cyber security suite and lead your team in protecting its assets. In this position you will also work with your organization's departments and, in the process, meet many of your critical stakeholders.
As you build your human network in your organization, remember that these stakeholders are your customers, and it is important that you understand what issues they are presently having with your organization’s enterprise network and its current application portfolio.
By Joel Rosenblatt
There have been articles on how Samsung’s smart TV may be “recording” your conversations and sending them off to a “third party.”
We are living in a world where organizations like the NSA may or may not be recording our phone conversations and reading our email. We know that Google and others track our online presence “to provide a better experience” and target advertising.
So, if your smart TV can listen to you and follow your commands – it is not that big of a stretch to imagine the rest of your appliances doing the same thing (I know that I have yelled at a few of them over the years.)
I can see the new version of wiretapping including TVs, toasters, refrigerators, washers, and any other smart device.
By David Sheidlower
A CISO's Guide to Principles of Data Privacy and Security examines the key issues surrounding data privacy and security.
In this eBook, Sheidlower, currently CISO of an international media and advertising firm, provides his perspective on topics, which include privacy policies, big data, consent, governance and security.
According to the author: “The fundamental principles of privacy and security continue to evolve. I’ve tried to look into each of them from the consent process, which most people find problematic, to the need for a framework for data protection, which is where an organization’s security program comes in.”
The eBook has been lauded by Sheidlower’s peers, with Larry Whiteside Jr., CISO of the Lower Colorado River Authority (LCRA), stating: “It provides thought provoking and actionable information on issues that are top of mind for us – data privacy and security. I highly recommend reading it.”
By John J. Masserini
I read an article recently about how a CISO talked his way out of having an internal auditor write up a finding about weak passwords – which eventually led to a significant and highly publicized breach.
The CISO’s argument was that, by implementing strong passwords, users would end up just writing them down, thereby weakening the overall security of the company. This article started a healthy debate amongst some colleagues about what risk we’re truly trying to address.
During the discussion, I questioned what ultimately is the bigger risk – the chance that a colleague would steal a password written on a sticky note, or an adversary would toss a rainbow table full of common words at a weak password and crack it in seconds.
I would certainly never second-guess a fellow CISO – and this is simply just something to think about – but at the end of the day, whom are we actually trying to protect ourselves from?
Sure, there could be the rogue cleaning person who steals the sticky note, but at the end of the day, isn’t the electronic threat far more worrisome than the physical one these days?
3 Things to look for in 2015
The President's cybersecurity legal proposals
By David Cass
Security and privacy are essential in today’s digital economy. 2014 was a year of large-scale security and privacy breaches, leaving everyone asking themselves how much they should trust companies with their sensitive information.
Currently, there are more than 80 countries with privacy laws. Violating these laws may result in fines, brand damage, and/or loss of revenue.
LabMD processes medical specimens. One day, a security services company emailed them, advising that its patented search software, which looks for problems caused by peer-to-peer applications, had found a file containing sensitive information.
LabMD refused to pay, choosing to mitigate the problem themselves. The security company turned its finding over to the Federal Trade Commission, leading to a multi-year, resource-draining battle by LabMD to prove it had done nothing wrong.