Top News:

Security Talent Management: Leveraging the "Cool"

By Ed Moyle

I happened to watch the movie “The Duff” recently. If you haven’t seen it, it’s a 2015 teenage comedy film with a plot along the lines of “The Breakfast Club” meets “Mean Girls.”

What struck me about this movie (and the reason I’m alluding to it now) was the fact that one of the main characters, a young woman named Casey, is a hacker. In fact, her hacking ability turns out to be a major plot point (no spoilers, I promise).

This fact struck me for two reasons: first, the movie didn’t need to explain it.  It was a given that everyone watching would understand what a hacker is, what it means that this character is one, and the potential impact of her skills. 

This means that information security (cybersecurity if you must) has become embedded into the collective social context.  


A CISO's Top 5 To Do's in the First 90 Days

By Roosevelt Reynolds, Lendmark Financial Services VP Information Security

As many of you know, starting a new job can be challenging in and of itself. It involves learning a new culture, understanding company values, as well as basic things such as remembering names and faces, and who to eat lunch with.

With all of the stress and challenges experienced within those first 90 days, which are just a small glimpse of what you will experience for the remainder of the year, it is imperative as a CISO to develop a plan to somehow balance the stress and challenges.

Truly, the first 90 days amount to a “drinking from the fire hose” reality, but we forget that those first 90 days can also determine your future within the company (whether it is voluntary or involuntary), and determine your credibility with your colleagues.


Transforming Sensitive Information Securely 

Vic Wheatman Speaks with Ross Morley of Datex, Inc.

It is no longer a question of whether an intruder will gain access to your network; it is just a matter of when they will gain access.

Cybersecurity company Datex, Inc. says employees will make mistakes, user credentials will be compromised, data theft will happen and compliance mandates will not be met.

Its DataStealth service addresses these and other issues by inspecting network traffic, extracting sensitive information and substituting spurious data for the original information, transforming that information into secure and usable fragments to allow applications to securely do their jobs.

In this sponsored podcast with Security Current's Vic Wheatman, Ross Morley of Datex, Inc. describes how the service works and its benefits, and provides real-world use cases.


Security Current eBook: A CISO's Guide to Principles of Data Privacy and Security

By David Sheidlower 

A CISO's Guide to Principles of Data Privacy and Security examines the key issues surrounding data privacy and security.

In this eBook, Sheidlower, currently CISO of an international media and advertising firm, provides his perspective on topics including privacy policies, big data, consent, governance and security.

According to the author: “The fundamental principles of privacy and security continue to evolve.  I’ve tried to look into each of them from the consent process, which most people find problematic, to the need for a framework for data protection, which is where an organization’s security program comes in.”

The eBook has been lauded by Sheidlower’s peers, with Larry Whiteside Jr., CISO of the Lower Colorado River Authority (LCRA), stating: “It provides thought provoking and actionable information on issues that are top of mind for us – data privacy and security. I highly recommend reading it.”


The OPM Breach - Why Doing the Basics Is Not Enough

By Chris Carpenter 

Director of Security Operations, Secretary of Defense Communications

The recent Office of Personnel Management (OPM) breach may be the largest breach of Federal records ever. 

With the resignation of OPM Director Katherine Archuleta over the compromise of the newly disclosed number of 21.5 million records, the breach has gotten the attention of Congress and the nation as a whole since it was first revealed last month. One of the key questions being asked is the one that is always asked, “How did you let this happen?”

The answers currently being provided are not very satisfying to many, but it’s really not an easy question.

There has been a lot of focus on why OPM did not have better protective measures in place to prevent a breach like this from happening. The OPM response has been that they don’t know if they could have prevented it.


CISOs - Maintaining the Vision

A practitioner's tips on being a successful leader

 

My Parents Taught Me to Share So What's the Big Deal?

Sharing information on cyber threats 

 

Audited and Jaded 

Are technical audits effective? 

 

Risk Averse. Rule Averse.

How bias can impact how a security program works

Lawyers Gone Wild: Document Preservation Requests Are Out of Control

By Joel Rosenblatt

I don’t know how many of the readers out there have gotten to deal with the joy of document preservation, but let me tell you, it is not a lot of fun. 

The process at Columbia starts off with either the General Counsel’s (GC) office receiving a notice from a lawyer or the University deciding to enter into a lawsuit.  At that point, I usually get an email from one of the 30 or so lawyers in our GC office with a list of names of the people involved in the litigation. 

Sometimes, I receive a copy of a subpoena, if it is an outside party suing us; often it is a description of the case with a list of the things that need to be preserved. 


Professor Daniel Solove: What is Privacy?

By Daniel Solove 

What is privacy? This is a central question to answer, because a conception of privacy underpins every attempt to address it and protect it. 

Every court that holds that something is or isn't privacy is basing its decision on a conception of privacy -- often unstated. 

Privacy laws are also based on a conception of privacy, which informs what things the laws protect.  Decisions involving privacy by design also involve a conception of privacy.  When privacy is "baked into" products and services, there must be some understanding of what is being baked in.
