Blog Posts Tagged with "CISO"


Do You Really Need a CISO to Have Security?

June 17, 2012 Added by:Rafal Los

In the analysis of it, every organization needs to have someone responsible for the technology-based risk or security of the organization. Whether that's the Technology Manager, the CISO, or the "IT guy". I just want to see better security, more resiliency, and less technical risk....

Comments  (6)


LinkedIn Failed to Meet Standards or Better Standards are Needed

June 10, 2012 Added by:Jeffrey Carr

LinkedIn doesn't have a CSO or CISO, which for a publicly traded company communicates that security is not a priority. Considering they still don't know how this breach occurred and the minimal attention payed to password security, I can't help but wonder how secure the credit card information is...

Comments  (0)


CISO 2.0: Enterprise Umpire or Wide Receiver?

May 21, 2012 Added by:Robb Reck

In security, our challenge to demonstrate to the business that the money they invest in us goes further than just keeping us out of the newspaper. Security can deliver tangible benefits out to the business. An effective security program can reduce the costs of creating products...

Comments  (2)


Manage Risk Before it Damages You - Part Two

April 01, 2012 Added by:Neira Jones

For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...

Comments  (2)


Eating the Security Dog Food

March 23, 2012 Added by:Wendy Nather

It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...

Comments  (0)


Changing of the Guard: A Perspective on the Changing CISO Role

March 19, 2012 Added by:Rafal Los

Security means different things to different people - but by and large we can agree on the need to defend our organizations against those bad guys who wish to do it harm whether it's from a purely destructive perspective or something more sinister...

Comments  (0)


Is it Time to Reinvent the CISO?

March 13, 2012 Added by:Rafal Los

Is the CISO willing to take on more business-focused responsibilities, and look at information security from a less technical solution-oriented perspective - and if so is that sustainable? If you're looking for advice I have a little bit here for you...

Comments  (1)


The CISO as a Capable Catalyst

February 22, 2012 Added by:Rafal Los

"If a CISO initially receives any capability when starting the position, that was capability that was left over from their predecessor. It is now the CISO's responsibility to earn more capability and solidify what may already exist..."

Comments  (2)


Responsibility vs Capability in the CISO Role

February 17, 2012 Added by:Rafal Los

Capability is often seen as the ability to enforce - whether its corporate politics, budget, or a top-down reporting structure. If you don't have the capability to force people to follow organization-wide decisions it is difficult to have a solid organization...

Comments  (0)


Time for a Change in our Attitude Around Risk

February 05, 2012 Added by:Norman Marks

When is the last time you saw an audit report that said management had too many controls or was not taking sufficient risk? When did you last hear a risk officer urging planners to move into a new market more quickly? The same thing applies to information security personnel...

Comments  (2)


Security: Three Tips When Speaking to the Board of Directors

December 16, 2011 Added by:Jason Clark

Many CISOs are getting questions specifically about whether they are protected from targeted attacks, malware, and data breaches. And many of these questions are coming from people who don’t really know what terms like “targeted attack” or “malware” actually mean - the Board of Directors...

Comments  (4)


Ineffective CISOs Foster Shady Vendor Practices

November 23, 2011 Added by:Boris Sverdlik

The question remains how much faith is too much to put in the hands of your vendors? Without a thorough analysis of the inner workings of your organization, it is impossible for any external entity to make recommendations on where your reactionary dollars are best spent...

Comments  (0)


Challenge for CISOs - Getting Beyond the Shiny Features

November 02, 2011 Added by:Rafal Los

From a CISO perspective, listen to the pitches the vendors give you... listen to the basis for the solutions you're being asked to spend money on. Lately it has been about 2 things: FUD primarily (that's Fear, Uncertainty, Doubt) and features secondarily. What's wrong with that?

Comments  (1)


Be An Information Security Green Beret

November 01, 2011 Added by:Chris Clymer

In Infosec, we have a lot of Rambos. We’re used to being looked to for answers, and we’re also used to being in the minority. There will always be more users, more IT staf, more “natives” who do not speak our language and who do not have a strong understanding of information security...

Comments  (0)


A CISO's Security Vendor Bill of Rights

October 20, 2011 Added by:Ron Baklarz

Current economic times are tough, budgets are tight and security spending is either down or flat. Security vendors still have to make a buck, however here is a top ten list of annoyances I personally have with security vendors, now codified in my Ciso's Security Vendor Bill of Rights...

Comments  (4)


Sony Corporation Taps Philip Reitinger as First CISO

September 06, 2011 Added by:Headlines

The Sony breach saga began in April when the PlayStation network servers had been hacked, exposing the records of more than 70 million customers. Sony then discovered that the Online Entertainment network had also been compromised, exposing another 25 million records...

Comments  (0)

Page « < 1 - 2 - 3 > »