CISO Journal


January 27, 2017

By David Cass
Global CISO IBM Cloud & SaaS Operational Services

Each year brings more large-scale security and privacy breaches, leaving the general public questioning to what extent companies could be trusted with their sensitive information. Retail, health care, banking, entertainment, governments – no industry is left untouched. Security and privacy must remain top of mind within every organization as both are essential in safeguarding data, protecting brand image, and avoiding hefty fines and financial losses.


January 24, 2017

By David Sheidlower
Global Media and Advertising CISO

In this series I take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in February of 2014. Read Part One 'All Infrastructure and the NIST Framework' and Part Two 'Hackers Are Not Afraid of Frameworks.'

There I was preparing part 3 of my close reading of the 2014 Framework for Improving Critical Infrastructure Cybersecurity from NIST and then I realized it was almost three years old. Soon, it will be under a new administration and version 1.1 is due for release anytime. 


January 18, 2017

By Vanessa Pegueros
DocuSign Chief Information Security Officer

Part Four – The Board’s Role in Preventing Level-One Response

As I mentioned in article one of this four-part series, the typical response to a security threat, incident or breach is the Four D’s: Denial, Damage Control, Defend and Deflect. 

I contend that executives/board members are not immune to this response and may in fact be operating at a Level One response (reptilian response mode) when the company encounters a crisis situation. In this final article, I will explore the impact of a breach on Executives/Board members and offer recommendations for CISOs/CIOs who communicate with them.


December 5, 2016

By Daniel Conroy
Synchrony Financial CISO

Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.


November 29, 2016

By Mitch Parker
Academic Health Care CISO

In this three-part series, Academic Health Care CISO Mitch Parker shares his insights on ransomware, incident response and best practices for building a world class prevention program. Read parts one and two.

As I mentioned in my previous articles on ransomware, I have spoken at numerous industry conferences and discussed the growing threat of ransomware with many of my peers. 


November 14, 2016

By Vanessa Pegueros
DocuSign Chief Information Security Officer

Part Three - Preventing Level One Trauma During Incident Response

In my previous article, I discussed the human response to dangerous and life threatening situations.  As a part of researching this topic, I have read numerous books and articles related to human trauma and how humans respond to trauma, authoring a paper published in sans.org entitled, “Lessons Learned from the Treatment of Trauma in Individuals and Organizations Under Repeated Cyber Attacks.” 


October 31, 2016

By Joel Rosenblatt
Columbia University Director of Computer and Network Security

Normally, I would never talk about politics, and this story will not be an exception.  However, the analogy here is too good for me to pass up.

Let’s say that we are going into an election. One of the candidates Mr. T (I pity the fool), has continuously stated that everything has been rigged against him.  The problem I see with this is that whether this is true or not, the seed of doubt has been sown. The people who choose to believe that “someone” is out to get them are now primed and ready for the claim that “The election has been hacked.”


October 17, 2016

By Vanessa Pegueros
DocuSign Chief Information Security Officer

Part Two – Recognizing Level One Trauma Within Your Organization

In my previous article, I discussed the need to focus more on the people-related aspects of incident response.  In this piece, I will focus on how the human body responds to dangerous situations and the impacts of long term trauma.

The human body is an incredible incident response system organized to achieve one very critical goal: survival.   The brain is the orchestrator of this survival system and is composed of three key parts. 


October 17, 2016

By Farhaad Nero
Bank of Tokyo-Mitsubishi UFJ, Ltd., VP Enterprise Security

We live in a time when data breaches are the norm. As information security and risk professionals we are tasked with trying to mitigate the risks posed by these impending breaches. We constantly are learning and striving to locate and fill gaps in our processes and architecture. But it is only a matter of time before an attack occurs.


September 28, 2016

By John J. Masserini
CSO MIAX Options 

By now, you’re probably well aware of the fate recently befallen on the Brian Krebs site KrebsOnSecurity.com.  A Distributed Denial of Service (DDoS) attack in excess of 620/Gbps caused such a strain on one of the world's largest DDoS protection services, that Krebs asked that his site fundamentally be black-holed until the storm passed.


Page 1 of 22 : First   1 2 3 4 5 6 7 8 9 10 Last

The Human Factor: Gain new insight into the ways attackers exploit end-users' psychology​​

About Security Current | Privacy Policy | Subscribe to our newsletter