Events:

Robert Herjavec to Host Security Current Signature Event Security Shark Tank® in San Francisco During RSA

IT Entrepreneur and Herjavec Group Founder & CEO to Moderate Rapid-fire Q&A Between CISOs and Security Vendors 

Security Current today announced that Robert Herjavec, dynamic IT entrepreneur, Founder and CEO of leading global MSSP Herjavec Group, will serve as the host and moderator for Security Current’s signature event, the Security Shark Tank. The event will take place February 14, 2017 in San Francisco during the week of RSA Conference 2017.

Herjavec’s extensive experience in the field of information security, along with his wisdom and expertise in the world of startups, makes him an ideal host and moderator for this event, which is known for bringing together CISO buyers and interesting vendors in a lively exchange.

“The Security Shark Tank has grown to become the premier forum for CISOs and industry leaders to learn about innovative technology. I look forward to the rapid-fire exchange with my peers, the participating vendors and host Robert Herjavec during one of the most anticipated events during the week of RSA,” said Hearst CISO David Hahn, a former moderator and participant.

                                                                 Read More 

Payment Card Processor Monext Discusses Continuous Compliance, Reducing Complexity and Heightening Security

Monext's Laurent Klefstad Speaks With Security Current  

Ensuring continuous compliance while reducing complexity is essential to bolstering security for many organizations, in particular, those that process credit card data.


In this Tufin-sponsored podcast, IBM’s David Cass talks with Monext’s Laurent Klefstad, Leader for Systems, Network and Telecom, about automated security policy orchestration and how it allows the French company to save time and money by reducing the complexity of its networks and firewalls.

Klefstad explains how Monext’s implementation of the Tufin solution provided Monext continuous compliance and the ability to reduce its firewall rules, of which there were about 3,000, by upwards of 20 percent.  He also talks ROI, staffing implications and business enablement.

                                                                Listen Now 

Maxim Integrated CISO Speaks with Sophos Enduser Security Group SVP & GM on Ransomware, IoT and Hacking as a Business

CISO Matt Hollcraft Interviews Dan Schiappa of Sophos

In this podcast Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, Internet of things and hacking as a business.

In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous. 

                                                                 Listen Now 

Data Breach Information You Can Chew On

By Farhaad Nero

Bank of Tokyo-Mitsubishi UFJ, Ltd., VP Enterprise Security

We live in a time when data breaches are the norm. As information security and risk professionals we are tasked with trying to mitigate the risks posed by these impending breaches. We constantly are learning and striving to locate and fill gaps in our processes and architecture. But it is only a matter of time before an attack occurs.

Before we proceed let’s review how Verizon defines a breach versus an incident in its 2015 Data Breach Investigations Report (DBIR).

                                                                 Read more 


 

 


Ransomware in Healthcare - Strategies for Protecting the Enterprise - Part Three

By Mitch Parker
Academic Health Care CISO

In this three-part series, Academic Health Care CISO Mitch Parker shares his insights on ransomware, incident response and best practices for building a world class prevention program. Read parts one and two.

As I mentioned in my previous articles on ransomware, I have spoken at numerous industry conferences and discussed the growing threat of ransomware with many of my peers. Through this ongoing dialogue, I have identified a number of key considerations and best practices for addressing what has become a serious issue in healthcare. I covered points 1-4 in the second installment of this series and will now cover the remaining points and summarize.

Fifth, healthcare organizations need to have a comprehensive educational plan.  This should not just be a one-time email you send to the user community.  This needs to be in your organization’s security awareness and training program, which should be updated at least yearly. 

Security awareness and training are required under the HIPAA Security Rule.  If you are audited due to a security incident, one of the first items that the auditor will ask for is your training program and evidence of completion by staff members.  This plan should include at least one competency-based training section, and a training presentation for departments and organizations that covers core policies and procedures.

Sixth, your security strategy needs to include organizational integration.  Although there have been a lot of arguments over the reporting structure of the senior information security executive in the organization, the key measure of their success should be their ability to work across traditional boundaries with stakeholders outside of IT. 

                                                                                           Read More 

 

10 CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Caveats

Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.

10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted

Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.

Security Current eBook 

A CISOs Guide to Principles of Data Privacy and Security
By David Sheidlower

 

The Human Element of Incident Response -- Part Three

By Vanessa Pegueros
DocuSign Chief Information Security Officer

There is an extraordinary amount of money and time spent on detection and response relative to cybersecurity, and much of this conversation is technology focused.

In this series of articles, DocuSign CISO Vanessa Pegueros explores a different aspect of incident response - the human being. She asserts that people ultimately orchestrate incident response and th care and development of employees should be at least as important as the development of technology, and she offers items to consider relative to developing the human elements of incident response.

Read Part One

Read Part Two

In my previous article, I discussed the human response to dangerous and life threatening situations.  As a part of researching this topic, I have read numerous books and articles related to human trauma and how humans respond to trauma, authoring a paper published in sans.org entitled, “Lessons Learned from the Treatment of Trauma in Individuals and Organizations Under Repeated Cyber Attacks.” 

Read more!

 

 

About Security Current | Privacy Policy | Subscribe to our newsletter