Events:

Live Webinar: Healthcare Security in a Cloud First World

With Joey Johnson, CISO Premise Health

When: June 1, 2 PM EDT

Healthcare security requirements become even more complicated with the move to the cloud. Competing internal priorities, along with numerous cloud apps to control, increase strain on already under-resourced teams. Visibility and control over data can seem almost impossible when it is being stored in locations you do not own or manage.

In this Bitglass-sponsored webinar led by Premise Health CISO Joey Johnson, you will learn how to avoid console overload by consolidating controls with a cloud access security broker platform.

Key topics include:

  • Overcoming security dashboard overload when trying to manage authentication, access controls, devices, threats, compliance, malware, DLP, etc.
  • Healthcare security options to control data in the cloud
  • CASB platform and solution overview


Live Webinar: Put a Fence Around Your Linux User Privileges 

With Mike Molinaro, CISO BioReference Labs

When: May 25th, 1 PM EDT

The pervasiveness of Linux systems in the enterprise today means that being able to identify root, specify access controls for Linux users and monitor privileged user activity is now a requirement. As environments become increasingly heterogeneous and complex, centralizing identity and access across the enterprise grows more problematic, while being more critical than ever.

Join CISO Mike Molinaro, who will provide attendees with an educational overview of his identity, access and provisioning business model. In this Beyond Trust sponsored webinar, Mike will walk you step by step through how to centralize identity and provision critical security controls on Linux systems.


Maxim Integrated CISO Speaks with Sophos Enduser Security Group SVP & GM on Ransomware, IoT and Hacking as a Business

CISO Matt Hollcraft Interviews Dan Schiappa of Sophos

In this podcast Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, Internet of things and hacking as a business.

In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous. 


Is Your Next Security Failure One Fat Finger Away

By Joel Rosenblatt

Columbia University Director of Computer and Network Security

Last month will be remembered as the time that AWS (Amazon Web Services) failed. The actual failure was in the Amazon Simple Storage Service (S3), but to the world in general, if your stuff was running in the Amazon cloud, it was not working.

Amazon provided a very complete write-up of what happened, which basically boiled down to this: someone made a mistake, which caused a cascading failure that required several systems to be restarted in order to get the S3 system back up and running. Amazon is making some changes (read sanity checks) in their systems to prevent this type of problem in the future.

Within 24 hours, I started receiving advertising emails from companies asking if we suffered from the Amazon outage and would we like to look at them to prevent this from ever happening again. In Yiddish, we would call this chutzpa (audacity). 

Security Metrics Can Make or Break a Security Program; How to Present to the Board

By Roota Almeida
Head of Information Security - Delta Dental NJ and CT

CISOs are often in a situation where the CEO or a Board member asks them, “Just how secure are we?” Or “Are we secure enough?”

These questions sound simple, but are quite difficult to answer accurately. The quick answer to the question would be, “We are more secure today than we were before and are constantly striving to be better and one step ahead of the bad guys.”

However, while an answer like this may stave off other questions, it will not paint a complete picture. It will not show the efforts involved in trying to be a step ahead of the attackers.

In today’s world no one can assure 100% protection. It’s not a matter of “if you will be breached,” but “when you will be breached.” Prevention is critical. However, focusing on faster and better detection and mitigation is equally and sometimes even more important.

A key component when moving forward in a security program and then presenting to the Board is to tie security initiatives to the company’s overall business goals and subsequent initiatives. If the goal is to expand the business and garner more clients, a CISO should focus on building a security program that meets these needs while reducing risks and mitigating threats.

Shifting the way security is perceived to that of supporting and enabling the company’s objectives is crucial for today’s CISOs. Security needs to move from a cost center to a business enabler.

Being successful in portraying this will provide CISOs the support and partnership needed to build a successful Security Program. Talking the language of business is what will get you there! Security metrics, which are more granular, should be a part of other business metrics that matter in making business decisions.

A definitive strategy for a successful Security Program consists of four parts:

  1. What are the company’s (Board’s) objectives?
  2. How does the CISO further these objectives?
  3. Where was the security program in relation to these objectives until now?
  4. Based on the current threats and associated risks, what is our strategy going forward?


10 CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Caveats

Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.

10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted

Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.

Security Current eBook 

A CISO’s Guide to Principles of Data Privacy and Security
By David Sheidlower

 

The Benefits of Tokenization: A Podcast with Jason Witty, US Bancorp EVP and CISO

Jason Witty, US Bancorp EVP and CISO 

Tokenization is helping render data theft obsolete. Jason Witty, US Bancorp EVP and CISO, is in the midst of completing a multi-year tokenization integration project, for which his team won the recent ISE North America Project of the Year Award in the Financial Services category.  

He discussed the many benefits of tokenization with David Cass, Global CISO IBM Cloud & SaaS, including fraud prevention and the reduction of risk and the attack surface. They discuss how it is a complex process, which is “simple” to implement but difficult to adopt. Witty also touches on the many unintended business benefits.


How to Unlock Cybersecurity Talent

By Daniel Conroy
Synchrony Financial Chief Information Security Officer

Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.

There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.
