Events:

On-demand Webinar: Bracing for the Next Big Attack? How to Build an Effective Incident Response Plan

Presented by:
Zocdoc CISO Brian Lozada and Exabeam CMO Rick Caccia

An incident response (IR) plan will either make or break your organization in 2017. History has shown that no organization is immune to cyber threats, increasing the need for effective response. Unfortunately, many IT professionals feel their organizations’ IR capabilities are ineffective.

How do you improve your IR plan?

In this webinar, Zocdoc CISO Brian Lozada and Exabeam CMO Rick Caccia discuss the challenges faced and provide strategies to help you:

  • Automate response procedures with incident workflows and playbooks
  • Reduce response time and errors
  • Increase productivity of all IR and SOC staff
  • Connect and coordinate all of your security technologies with orchestration


Broadband Privacy Rules - 5 Myths

By Mark Rasch
Attorney and Cybersecurity Expert 

With the repeal of the FCC rules on broadband privacy and security, there’s been a lot of misinformation floating around the web. Here’s my attempt to clarify some of the issues.

  1. The Rules Gave Preferential Treatment to Edge Providers Like Google
  2. Edge Providers Are No Different Than Broadband Providers
  3. Broadband Providers Will Now Sell Your Browser History
  4. Without These Rules, There’s No Privacy or Security
  5. There’s Nothing You Can Do


Maxim Integrated CISO Speaks with Sophos Enduser Security Group SVP & GM on Ransomware, IoT and Hacking as a Business

CISO Matt Hollcraft Interviews Dan Schiappa of Sophos

In this podcast Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, Internet of things and hacking as a business.

In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous. 


Is Your Next Security Failure One Fat Finger Away

By Joel Rosenblatt

Columbia University Director of Computer and Network Security

Last month will be remembered as the time that AWS (Amazon Web Services) failed. The actual failure was in the Amazon Simple Storage Service (S3), but to the world in general, if your stuff was running in the Amazon cloud, it was not working.

Amazon provided a very complete write-up of what happened, which basically boiled down to this: someone made a mistake, which caused a cascading failure that required several systems to be restarted in order to get the S3 system back up and running. Amazon is making some changes (read: sanity checks) in its systems to prevent this type of problem in the future.

Within 24 hours, I started receiving advertising emails from companies asking if we suffered from the Amazon outage and would we like to look at them to prevent this from ever happening again. In Yiddish, we would call this chutzpa (audacity). 

Security Metrics Can Make or Break a Security Program; How to Present to the Board

By Roota Almeida
Head of Information Security - Delta Dental NJ and CT

CISOs are often in a situation where the CEO or a Board member asks them, “Just how secure are we?” or “Are we secure enough?”

These questions sound simple, but are quite difficult to answer accurately. The quick answer to the question would be, “We are more secure today than we were before and are constantly striving to be better and one step ahead of the bad guys.”

However, while an answer like this may stave off other questions, it will not paint a complete picture. It will not show the efforts involved in trying to be a step ahead of the attackers.

In today’s world no one can assure 100% protection. It’s not a matter of “if you will be breached,” but “when you will be breached.” Prevention is critical. However, focusing on faster and better detection and mitigation is equally and sometimes even more important.

A key component when moving forward in a security program and then presenting to the Board is to tie security initiatives to the company’s overall business goals and subsequent initiatives. If the goal is to expand the business and garner more clients, a CISO should focus on building a security program that meets these needs while reducing risks and mitigating threats.

Shifting the way security is perceived to that of supporting and enabling the company’s objectives is crucial for today’s CISOs. Security needs to move from a cost center to a business enabler.

Being successful in portraying this will provide CISOs the support and partnership needed to build a successful Security Program. Talking the language of business is what will get you there! Security metrics, which are more granular, should be a part of other business metrics that matter in making business decisions.

A definitive strategy for a successful Security Program consists of four parts:

  1. What are the company’s (Board’s) objectives?
  2. How does the CISO further these objectives?
  3. Where was the security program in relation to these objectives until now?
  4. Based on the current threats and associated risks, what is our strategy going forward?


10 CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Caveats

Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.

10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted

Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.

Security Current eBook 

A CISO’s Guide to Principles of Data Privacy and Security
By David Sheidlower

 

The Benefits of Tokenization: A Podcast with Jason Witty, US Bancorp EVP and CISO

Jason Witty, US Bancorp EVP and CISO 

Tokenization is helping render data theft obsolete. Jason Witty, US Bancorp EVP and CISO, is in the midst of completing a multi-year tokenization integration project, for which his team won the recent ISE North America Project of the Year Award in the Financial Services category.  

He discussed the many benefits of tokenization with David Cass, Global CISO IBM Cloud & SaaS, including fraud prevention and the reduction of risk and the attack surface. They discuss how it is a complex process, which is “simple” to implement but difficult to adopt. Witty also touches on the many unintended business benefits.


How to Unlock Cybersecurity Talent

By Daniel Conroy
Synchrony Financial Chief Information Security Officer

Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.

There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.
