Zocdoc CISO Brian Lozada Exabeam CMO Rick Caccia
An incident response (IR) plan will either make or break your organization in 2017. History has shown that no organization is immune to cyber threats, increasing the need for effective response. Unfortunately, many IT professionals feel their organizations’ IR capabilities are ineffective.
How do you improve your IR plan?
In this webinar, Zocdoc CISO Brian Lozada and Exabeam CMO Rick Caccia discuss the challenges faced and provide strategies to help you:
CISO Gary Hayslip Speaks with CISO David Cass
The city of San Diego is a $4 billion business and it doesn’t shut down. As you’ll hear in this discussion between Gary Hayslip, the city’s CISO, and David Cass, Global CISO IBM Cloud and SaaS, San Diego is a smart city which is continuously rolling out new technologies to facilitate 'the business' while bolstering its security.
In this podcast, recorded during the RSA Conference, Hayslip talks about joining the city as its first CISO some three years ago and how he established a five-year plan which leveraged established frameworks like the National Institute of Standards and Technology (NIST) to increase the security of the city and its 24 networks and 40 departments.
The two also discuss ‘cloud first’ initiatives, resilient networks and the role of the CISO, which Hayslip provides practical guidance on with his book “A CISO Desk Reference Guide: A Practical Guide for CISOs.”
CISO Matt Hollcraft Interviews Dan Schiappa of Sophos
In this podcast Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, Internet of things and hacking as a business.
In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous.
By Mark Rasch
Attorney and Cybersecurity Expert
Once again the United States Supreme Court steps into the thicket of how and when the States may regulate the content and actions of users or social media.
In oral arguments on February 27, the Supreme Court considered the constitutionality of a North Carolina law that prohibited the use of Facebook or other social media sites by registered sex offenders. The case presents the issue of whether social media and similar websites are essentially necessities in public life.
The North Carolina statute provides that it is a crime for a registered sex offender “to access a commercial social networking Web site where the sex offender knows that the site permits minor children to become members or to create or maintain personal Web pages on the commercial social networking Web site.”
By Henry Jiang
CISO and Managing Director at Oppenheimer & Co. Inc.
Recently, I posted a picture of a mind-map that I created, just called "The Map of Cybersecurity Domains (v1.0)." The map was put together as a way to clear my head by fully immersing myself in the world of cybersecurity day-in and day-out for the past few years, and as a constant reminder of just how complex and vast the subject can be.
People outside of the cybersecurity world, and even people who are involved with cybersecurity, often form viewpoints that are sometimes limited by their understanding and confined by the functions of their roles.
How many times has a cyber security practitioner such as myself mentioned to other people what I do, only to have them respond with one of the following:
a) oh, you are a hacker, can you break into my computer? haha,
b) ok, I got it, you are doing something with computers...
When you visit a new city, a new country, or a new place, you usually want to get hold of a map to orient yourself. Why not a map for the world of cybersecurity? Over the years, as a trained network architect, I always liked to draw diagrams to convey complex designs or ideas to share with other people, so this skill comes in pretty handy in the cyber world.
The map version 1.0 was first published on LinkedIn as a photo, not as an article. Within days, the post went viral, with over 180,000 views in about a week and still counting. I received so much constructive feedback from the LinkedIn community that I felt compelled to publish an updated version of the map to:
- incorporate some really good advice from the people who had read my original post;
- correct misspelled words;
- properly explain what the map is about, and what it is not about;
- share the map in other file formats (PDF, free mind-map app, etc.) so the information can be distributed and modified more easily.
The World of Cybersecurity Map Version 2.0
The map is about capturing key areas of cybersecurity practice in interconnected ways. The practice of cybersecurity is not just about "hacking." With the map, one should realize that hacking (perhaps a more appropriate definition of such activities should be "authorized penetration test") is a sub-domain under "Risk Assessment," or falls under another sub-domain called "Active Defense" under "Security Operation."
The map is not based on a particular standard or framework. However, as I am a CISSP myself, you can certainly see some familiar components from ISC2, for example Security Engineering and Security Operations.
Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.
Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.
A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower
Jason Witty, US Bancorp EVP and CISO
Tokenization is helping render data theft obsolete. Jason Witty, US Bancorp EVP and CISO, is in the midst of completing a multi-year tokenization integration project, for which his team won the recent ISE North America Project of the Year Award in the Financial Services category.
He discussed the many benefits of tokenization with David Cass, Global CISO IBM Cloud & SaaS, including fraud prevention and the reduction of risk and the attack surface. They discuss how it is a complex process, which is “simple” to implement but difficult to adopt. Witty also touches on the many unintended business benefits.
By Daniel Conroy
Synchrony Financial Chief Information Security Officer
Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.
There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.