Showing Blog Posts: 1–10 of 74 tagged Business

  • Think Security Is Expensive? Insecurity Costs Much More

    by Tony Bradley on October 23, 2015

    Security has come a long way over the past decade. It is still the red-headed step child of the business units but at least most organizations have some sort of CSO or CISO role in place and do a good job feigning support for security. Businesses that focus on squeaking by spending as little as possible on security, though, are bound to find out the hard way just how expensive a lack of security…

  • Why It Costs More to Protect Your Virtual Infrastructure

    by Tony Bradley on October 19, 2015

    Security incidents are expensive, but not all security incidents are created equally. A recent study found that businesses pay a significant premium for incident response and recovery affecting a virtual infrastructure. Respondents representing more than 5,500 different companies across 25 different countries participated in the survey. The purpose of the survey was to learn more about the cost of…

  • How Much Will That Phishing Trip Cost You?

    by Tony Bradley on September 29, 2015

    Organizations spend a significant amount of money on security tools. All of the firewalls and antimalware solutions in the world, though, offer little protection against a phishing attack that tricks an authorized user into downloading malicious software or compromising credentials. Phishing attacks are becoming more effective and more costly as time goes on. The Ponemon Institute recently…

  • You Can’t Squeeze Blood From a Turnip

    by Tony Bradley on September 23, 2015

    You’ve probably heard the phrase “You can’t squeeze blood from a turnip,” before. The point is that no amount of begging, coercing, pushing, or otherwise coaxing something can yield results if those results simply aren’t possible. Many organizations, however, hand a proverbial turnip to the CISO and expect blood in return. Executive management or the company board have expectations for the CISO. …

  • What Do Companies Expect From a CISO?

    by Tony Bradley on September 15, 2015

    The role of CISO is an important one. It must be. It has Chief right in the title. The question, though, is what exactly does a company expect a CISO to do? You can’t meet or manage expectations if you don’t know what they are, and there’s a good chance you won’t keep your CISO job very long if you can’t meet expectations. A CISO is responsible for securing and protecting information assets but…

  • Taking Responsibility for Information Security

    by Tony Bradley on September 9, 2015

    It’s impossible for any one person to manage every aspect of securing the network, endpoints and data of an entire organization. The top of the security chain of command in most cases is the Chief Information Security Officer, though, so ultimately that responsibility falls on the shoulders of the CISO. Security is everyone’s job. Each and every employee within a company has to have some basic…

  • Criminals Use CEO Emails to Target Companies

    by RSAC Contributor on September 3, 2015

    That email from the CEO in your inbox may not be real. Stop and pick up the phone to make sure it's legitimate before you take action. The FBI said cybercriminals stole nearly $750 million from more than 7,000 companies in the United States between October 2013 and August 2015. When you include international victims, total losses from busness-to-email attacks exceed $1.2 billion. Attackers, …

  • Five Ways Security Metrics Do More Harm Than Good

    by Tony Bradley on August 31, 2015

    There is no shortage of data out there. Virtually everything with a power source is logging events and churning out data almost constantly—including all of your security tools. That data—your security metrics—can uncover valuable truths about your security posture if used and analyzed properly, but it can also be very misleading or completely useless. Aaron Levenstein is credited with this little …

  • Security Metrics to Drive Change

    by Tony Bradley on August 24, 2015

    What’s the point, really? You've dedicated terabytes of storage to capture insane volumes of log data, but for what? Yes, you can distill the highlights which make you look good and drop them in your reports. Be warned that those types of vanity metrics don’t provide any real value. Use the right security metrics in the right way, and you can clearly illustrate the issues. And that's how you…

  • If You Don't Know Where You Are, How Do You Know Where You Are Going?

    by Tony Bradley on August 21, 2015

    Business intelligence and big data analytics are valuable tools for organizations. Collecting and analyzing the right metrics related to current and past performance helps businesses develop effective plans for the future. This is especially true when it comes to securing your network and protecting your data. Think of it like making a trip to the grocery store. You can just walk in and shop. You…

This document was retrieved from on Thu, 26 Nov 2015 19:56:59 -0500.
© 2015 EMC Corporation. All rights reserved.