Events:

Robert Herjavec to Host Security Current Signature Event Security Shark Tank® in San Francisco During RSA

IT Entrepreneur and Herjavec Group Founder & CEO to Moderate Rapid-fire Q&A Between CISOs and Security Vendors 

Security Current today announced that Robert Herjavec, dynamic IT entrepreneur, Founder and CEO of leading global MSSP Herjavec Group, will serve as the host and moderator for Security Current’s signature event, the Security Shark Tank. The event will take place February 14, 2017 in San Francisco during the week of RSA Conference 2017.

Herjavec’s extensive experience in the field of information security, along with his wisdom and expertise in the world of startups, makes him an ideal host and moderator for this event, which is known for bringing together CISO buyers and interesting vendors in a lively exchange.

“The Security Shark Tank has grown to become the premier forum for CISOs and industry leaders to learn about innovative technology. I look forward to the rapid-fire exchange with my peers, the participating vendors and host Robert Herjavec during one of the most anticipated events during the week of RSA,” said Hearst CISO David Hahn, a former moderator and participant.


Russia, the DNC, Cyberwar and the Attribution Problem

By Mark Rasch
Attorney and Cybersecurity Expert

Was Russia responsible for hacking the DNC and John Podesta, and releasing their communications as part of a concerted effort to impact the US electoral result and get their favored candidate elected president?  Yes.  And no. And maybe.

This question, and the various questions subsumed by this question, have much broader implications for how we conduct forensic investigations, how we attribute activities, how we conduct foreign relations, and ultimately how we fight cyberwars in the future.

In the end, it all comes down to attribution. The good thing about the Internet is it allows people to be completely and totally anonymous. The other good thing about the Internet is that there is a record of everything everyone does, at all times.


Maxim Integrated CISO Speaks with Sophos Enduser Security Group SVP & GM on Ransomware, IoT and Hacking as a Business

CISO Matt Hollcraft Interviews Dan Schiappa of Sophos

In this podcast Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, Internet of things and hacking as a business.

In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous. 


Payment Card Processor Monext Discusses Continuous Compliance, Reducing Complexity and Heightening Security

Monext's Laurent Klefstad Speaks With Security Current 

Ensuring continuous compliance while reducing complexity is essential to bolstering security for many organizations, in particular, those that process credit card data.

In this Tufin-sponsored podcast, IBM’s David Cass talks with Monext’s Laurent Klefstad, Leader for Systems, Network and Telecom, about automated security policy orchestration and how it allows the French company to save time and money by reducing the complexity of its networks and firewalls.

Klefstad explains how Monext’s implementation of the Tufin solution provided Monext continuous compliance and the ability to reduce its firewall rules, of which there were about 3,000, by upwards of 20 percent.  He also talks ROI, staffing implications and business enablement.

The Human Element of Incident Response - Part Four

By Vanessa Pegueros
DocuSign CISO

There is an extraordinary amount of money and time spent on detection and response relative to cybersecurity, and much of this conversation is technology focused.  In this series of articles, DocuSign CISO Vanessa Pegueros explores a different aspect of incident response — the human being. She asserts that people ultimately orchestrate incident response and the care and development of employees should be at least as important as the development of technology, and she offers items to consider relative to developing the human elements of incident response.

Part Four – The Board’s Role in Preventing Level-One Response

As I mentioned in article one of this four-part series, the typical response to a security threat, incident or breach is the Four D’s: Denial, Damage Control, Defend and Deflect. 

I contend that executives/board members are not immune to this response and may in fact be operating at a Level One response (reptilian response mode) when the company encounters a crisis situation. In this final article, I will explore the impact of a breach on Executives/Board members and offer recommendations for CISOs/CIOs who communicate with them.

In the current environment of cyber threats and corresponding breaches, a common response at the executive-level is a knee-jerk reaction to terminate the highest-ranking executive anointed to “take the fall.” With any high-profile breach, tension lurks while anticipating when the CISO/CIO or another executive is going to “quietly disappear.” 

Sometimes it is not such a quiet exit, as in the cases of Sony and Target. “In a Feb. 12, 2015 article from the Huffington Post, Amy Pascal, former CEO of Sony, openly admitted that she was fired as a direct result of the December 2014 breach.”  (http://www.csoonline.com/article/3040982/security/data-breaches-often-result-in-ceo-firing.html?page=2)

While dismissing an executive is possibly warranted, I don’t believe enough consideration is given to the grave impact this can have on an organization and the trauma it introduces. Employees now have the stress of responding to a security incident as well as worrying about their own job security. 

 

10 CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Caveats

Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.

10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted

Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.

Security Current eBook 

A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower

 

How to Unlock Cybersecurity Talent

By Daniel Conroy
Synchrony Financial Chief Information Security Officer

Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.

There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.
