By Roota Almeida
CISOs are often in a situation where the CEO or a Board member asks them, “Just how secure are we?” Or “Are we secure enough?”
These questions sound simple, but are quite difficult to answer accurately. The quick answer to the question would be, “We are more secure today than we were before and are constantly striving to be better and one step ahead of the bad guys.”
By Henry Jiang
Recently, I posted a picture of a mind-map that I created called "The Map of Cybersecurity Domains (v1.0)." The map was put together as a way to clear my head after fully immersing myself in the world of cybersecurity day-in and day-out for the past few years, and as a constant reminder of just how complex and vast the subject can be.
By Joel Rosenblatt
The first week of March in 2017 will be remembered as the time that AWS (Amazon Web Services) failed. The actual failure was in the Amazon Simple Storage Service (S3), but to the world in general, if your stuff was running in the Amazon cloud, it was not working.
By David Cass
Each year brings more large-scale security and privacy breaches, leaving the general public questioning to what extent companies can be trusted with their sensitive information. Retail, health care, banking, entertainment, governments – no industry is left untouched. Security and privacy must remain top of mind within every organization, as both are essential in safeguarding data, protecting brand image, and avoiding hefty fines and financial losses.
By David Sheidlower
In this series I take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in February of 2014. Read Part One 'All Infrastructure and the NIST Framework' and Part Two 'Hackers Are Not Afraid of Frameworks.'
There I was preparing part 3 of my close reading of the 2014 Framework for Improving Critical Infrastructure Cybersecurity from NIST and then I realized it was almost three years old. Soon, it will be under a new administration and version 1.1 is due for release anytime.
By Vanessa Pegueros
Part Four – The Board’s Role in Preventing Level-One Response
As I mentioned in article one of this four-part series, the typical response to a security threat, incident or breach is the Four D’s: Denial, Damage Control, Defend and Deflect.
I contend that executives/board members are not immune to this response and may in fact be operating at a Level One response (reptilian response mode) when the company encounters a crisis situation. In this final article, I will explore the impact of a breach on Executives/Board members and offer recommendations for CISOs/CIOs who communicate with them.
By Daniel Conroy
Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.
By Mitch Parker
In this three-part series, Academic Health Care CISO Mitch Parker shares his insights on ransomware, incident response and best practices for building a world class prevention program. Read parts one and two.
As I mentioned in my previous articles on ransomware, I have spoken at numerous industry conferences and discussed the growing threat of ransomware with many of my peers.
By Vanessa Pegueros
Part Three – Preventing Level One Trauma During Incident Response
In my previous article, I discussed the human response to dangerous and life-threatening situations. As part of researching this topic, I have read numerous books and articles related to human trauma and how humans respond to trauma, and authored a paper published on sans.org entitled “Lessons Learned from the Treatment of Trauma in Individuals and Organizations Under Repeated Cyber Attacks.”