Blog Posts Tagged with "CISO"

LinkedIn Failed to Meet Standards or Better Standards are Needed

June 10, 2012 Added by:Jeffrey Carr

LinkedIn doesn't have a CSO or CISO, which for a publicly traded company communicates that security is not a priority. Considering they still don't know how this breach occurred and the minimal attention paid to password security, I can't help but wonder how secure the credit card information is...

Comments  (0)

CISO 2.0: Enterprise Umpire or Wide Receiver?

May 21, 2012 Added by:Robb Reck

In security, our challenge is to demonstrate to the business that the money they invest in us goes further than just keeping us out of the newspaper. Security can deliver tangible benefits out to the business. An effective security program can reduce the costs of creating products...

Comments  (2)

Manage Risk Before it Damages You - Part Two

April 01, 2012 Added by:Neira Jones

For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...

Comments  (2)

Eating the Security Dog Food

March 23, 2012 Added by:Wendy Nather

It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...

Comments  (0)

Changing of the Guard: A Perspective on the Changing CISO Role

March 19, 2012 Added by:Rafal Los

Security means different things to different people - but by and large we can agree on the need to defend our organizations against those bad guys who wish to do it harm whether it's from a purely destructive perspective or something more sinister...

Comments  (0)

Is it Time to Reinvent the CISO?

March 13, 2012 Added by:Rafal Los

Is the CISO willing to take on more business-focused responsibilities, and look at information security from a less technical solution-oriented perspective - and if so is that sustainable? If you're looking for advice I have a little bit here for you...

Comments  (1)

The CISO as a Capable Catalyst

February 22, 2012 Added by:Rafal Los

"If a CISO initially receives any capability when starting the position, that was capability that was left over from their predecessor. It is now the CISO's responsibility to earn more capability and solidify what may already exist..."

Comments  (2)

Responsibility vs Capability in the CISO Role

February 17, 2012 Added by:Rafal Los

Capability is often seen as the ability to enforce - whether it's corporate politics, budget, or a top-down reporting structure. If you don't have the capability to force people to follow organization-wide decisions it is difficult to have a solid organization...

Comments  (0)

Time for a Change in our Attitude Around Risk

February 05, 2012 Added by:Norman Marks

When is the last time you saw an audit report that said management had too many controls or was not taking sufficient risk? When did you last hear a risk officer urging planners to move into a new market more quickly? The same thing applies to information security personnel...

Comments  (2)

Security: Three Tips When Speaking to the Board of Directors

December 16, 2011 Added by:Jason Clark

Many CISOs are getting questions specifically about whether they are protected from targeted attacks, malware, and data breaches. And many of these questions are coming from people who don’t really know what terms like “targeted attack” or “malware” actually mean - the Board of Directors...

Comments  (4)

Ineffective CISOs Foster Shady Vendor Practices

November 23, 2011 Added by:Boris Sverdlik

The question remains how much faith is too much to put in the hands of your vendors? Without a thorough analysis of the inner workings of your organization, it is impossible for any external entity to make recommendations on where your reactionary dollars are best spent...

Comments  (0)

Challenge for CISOs - Getting Beyond the Shiny Features

November 02, 2011 Added by:Rafal Los

From a CISO perspective, listen to the pitches the vendors give you... listen to the basis for the solutions you're being asked to spend money on. Lately it has been about 2 things: FUD primarily (that's Fear, Uncertainty, Doubt) and features secondarily. What's wrong with that?

Comments  (1)

Be An Information Security Green Beret

November 01, 2011 Added by:Chris Clymer

In Infosec, we have a lot of Rambos. We’re used to being looked to for answers, and we’re also used to being in the minority. There will always be more users, more IT staff, more “natives” who do not speak our language and who do not have a strong understanding of information security...

Comments  (0)

A CISO's Security Vendor Bill of Rights

October 20, 2011 Added by:Ron Baklarz

Current economic times are tough, budgets are tight and security spending is either down or flat. Security vendors still have to make a buck, however here is a top ten list of annoyances I personally have with security vendors, now codified in my CISO's Security Vendor Bill of Rights...

Comments  (4)

Sony Corporation Taps Philip Reitinger as First CISO

September 06, 2011 Added by:Headlines

The Sony breach saga began in April when the PlayStation network servers had been hacked, exposing the records of more than 70 million customers. Sony then discovered that the Online Entertainment network had also been compromised, exposing another 25 million records...

Comments  (0)

The (Almost) Budget-less CISO: Winning, Not Surviving

July 12, 2011 Added by:Rafal Los

As an enterprise-level security leader, your job is to secure the company. How does a huge budget help you achieve that? In reality, it doesn't. A huge budget is the signal that you've not understood your business well enough to apply the right controls in the right places...

Comments  (0)
