Will Corporate Security Models Move Toward the EDU Security Model?

By Randy Marchany
Virginia Tech CISO 

No network is impenetrable, a reality that business executives and security professionals alike must accept. The traditional perimeter-focused approach to cybersecurity has often failed to prevent intrusions, especially in an application-focused paradigm.

While prevention is crucial, timely detection of the anomalous behaviors that indicate data exfiltration is key. Continuous monitoring assumes the attackers are already inside the network, so the right tools, data, and strategies are needed to interrupt the communication channels the attackers need to mount a successful breach.

Making Insurance Part of Your Enterprise Risk Management Program

By Grace Crickette

San Francisco State University Interim AVP of Business Operations

In this series, Grace Crickette provides C-level executives with a comprehensive overview of cyber insurance, while addressing business impacts and offering best practices for implementing a risk-management strategy that includes a cyber-liability policy.

Risk Management and Insurance Basics - Part Three

Insurance is just one tool in the risk manager's belt, but sometimes it is their favorite tool. Why? It is the easiest to wield when all the rest of risk management is quite difficult. The identification, understanding, and management of risk requires people to change their behavior, which is challenging.

IBM Global CISO Cloud & SaaS Speaks with Suffolk County Police Department Technology Security Officer

IBM's David Cass and Suffolk County's William Okula Discuss Threats and Best Practices

In the series brought to you by Security Current and Intersections IT Security ONE2ONE Summit, you will hear CISOs discuss today’s most critical issues in IT security.

This episode features David Cass, IBM Cloud & SaaS Global CISO, and William Okula, Executive Officer Police Technology Bureau at the Suffolk County Police Department, who discuss the most prevalent types of attack in the public sector.

In this podcast you’ll hear in particular about phishing and malware. They also discuss challenges facing security departments in the public sector, staffing, and security best practices.

Hackers Are Not Afraid of Frameworks

By David Sheidlower

Global Media and Advertising CISO

Is that news?  No, of course it isn’t. In fact, deterrence (fear) may seem like an odd concept for cybersecurity. Arguably, except for highly visible physical access controls, virtually all other cybersecurity controls are designed to keep an incident from happening (i.e. protective/preventive) or detect and then respond/recover when it has.  

A guard with a gun.  That’s deterrence.  An armed guard standing next to a metal detector between the thief and the elevators to your office may convince the thief to try the building down the street. 

Building Enterprise Security Through Trust and Visibility

 

By Pritesh Parekh

Zuora VP & CSO

Information is at the heart of today’s modern businesses, which is why now, more than ever, security professionals need to take a proactive approach to security to protect this valuable asset.

The first step to defining your security strategy is to determine how much your organization should be investing in security. To make this determination, evaluate your compliance requirements (legal, regulatory, and industry), your exposure to business risk and the financial impact of a breach, and your business and sales drivers (i.e. is a strong security program the kind of competitive advantage you need to win business). This is a collaborative effort, wherein you’re providing visibility into your security plans while accessing insight into all areas of your organization.

Once you’ve evaluated these criteria and calculated your security investment, you’re ready to define your security strategy, keeping in mind:

  • Business alignment. Your security vision, mission, and goals should be in alignment with your overall business objectives. Your goal is to support your business, not stand separate from it.
  • Phased approach. When it comes to building out your security program, start small. Set a foundation of a small set of security controls and then build out from there.
  • Defense-in-depth. If you have multiple security layers, then, even if one layer is compromised, your information will still be protected.


10 CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Caveats

Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.

10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted

Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.

Security Current eBook 

A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower

 

"The Internet of Cows"

By Randy Marchany 

Virginia Tech CISO

Glenn Fink, a security researcher at Pacific Northwest Labs, did a presentation called the “Internet of Cows” at a recent IEEE conference where he showed how dairy farming has become an automated, internet-accessible business process.

He took the discussion one step further by saying that cows make great human surrogates in the privacy debates surrounding IoT. He showed how data from almost every single biological process of a cow (health, reproduction, location, sounds) is monitored by IoT.  

Analysis of herd data allows farmers to predict the health of a cow, the optimum time for reproduction and milk production. He maintained that cows don’t object to this type of management, and that this is why they are well suited to studying the effects of intrusive monitoring.
