Zocdoc CISO Brian Lozada and Exabeam CMO Rick Caccia
An incident response (IR) plan will either make or break your organization in 2017. History has shown that no organization is immune to cyber threats, increasing the need for effective response. Unfortunately, many IT professionals feel their organizations’ IR capabilities are ineffective.
How do you improve your IR plan?
In this webinar, Zocdoc CISO Brian Lozada and Exabeam CMO Rick Caccia discuss the challenges faced and provide strategies to help you:
By Mark Rasch
Attorney and Cybersecurity Expert
With the repeal of the FCC rules on broadband privacy and security, there’s been a lot of misinformation floating around the web. Here’s my attempt to clarify some of the issues.
CISO Matt Hollcraft Interviews Dan Schiappa of Sophos
In this podcast, Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, the Internet of Things and hacking as a business.
In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous.
By Joel Rosenblatt
Columbia University Director of Computer and Network Security
Last month will be remembered as the time that AWS (Amazon Web Services) failed. The actual failure was in the Amazon Simple Storage Service (S3), but to the world in general, if your stuff was running in the Amazon cloud, it was not working.
Amazon provided a very complete write-up of what happened, which basically boiled down to someone made a mistake, which caused a cascading failure that required several systems to be restarted in order to get the S3 system back up and running. Amazon is making some changes (read: sanity checks) in their systems to prevent this type of problem in the future.
Within 24 hours, I started receiving advertising emails from companies asking if we suffered from the Amazon outage and would we like to look at them to prevent this from ever happening again. In Yiddish, we would call this chutzpa (audacity).
By Roota Almeida
Head of Information Security - Delta Dental NJ and CT
CISOs are often in a situation where the CEO or a Board member asks them, “Just how secure are we?” Or “Are we secure enough?”
These questions sound simple, but are quite difficult to answer accurately. The quick answer to the question would be, “We are more secure today than we were before and are constantly striving to be better and one step ahead of the bad guys.”
However, while an answer like this may stave off other questions, it will not paint a complete picture. It will not show the efforts involved in trying to be a step ahead of the attackers.
In today’s world, no one can assure 100% protection. It’s not a matter of “if” you will be breached, but “when” you will be breached. Prevention is critical. However, focusing on faster and better detection and mitigation is equally, and sometimes even more, important.
A key component when moving forward in a security program and then presenting to the Board is to tie security initiatives to the company’s overall business goals and subsequent initiatives. If the goal is to expand the business and garner more clients, a CISO should focus on building a security program that meets these needs while reducing risks and mitigating threats.
Shifting the way security is perceived to that of supporting and enabling the company’s objectives is crucial for today’s CISOs. Security needs to move from a cost center to a business enabler.
Being successful in portraying this will provide CISOs the support and partnership needed to build a successful Security Program. Talking the language of business is what will get you there! Security metrics, which are more granular, should be a part of other business metrics that matter in making business decisions.
A definitive strategy for a successful Security Program consists of four parts:
Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.
Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.
A CISO’s Guide to Principles of Data Privacy and Security
By David Sheidlower
Jason Witty, US Bancorp EVP and CISO
Tokenization is helping render data theft obsolete. Jason Witty, US Bancorp EVP and CISO, is in the midst of completing a multi-year tokenization integration project, for which his team won the recent ISE North America Project of the Year Award in the Financial Services category.
He discussed the many benefits of tokenization with David Cass, Global CISO IBM Cloud & SaaS, including fraud prevention and the reduction of risk and the attack surface. They discuss how it is a complex process, which is “simple” to implement but difficult to adopt. Witty also touches on the many unintended business benefits.
By Daniel Conroy
Synchrony Financial Chief Information Security Officer
Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.
There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.