Showing Blog Posts: 1–10 of 71 tagged Business

  • How Much Will That Phishing Trip Cost You?

    by Tony Bradley on September 29, 2015

    Organizations spend a significant amount of money on security tools. All of the firewalls and antimalware solutions in the world, though, offer little protection against a phishing attack that tricks an authorized user into downloading malicious software or compromising credentials. Phishing attacks are becoming more effective and more costly as time goes on. The Ponemon Institute recently…

  • You Can’t Squeeze Blood From a Turnip

    by Tony Bradley on September 23, 2015

    You’ve probably heard the phrase “You can’t squeeze blood from a turnip” before. The point is that no amount of begging, coercing, pushing, or otherwise coaxing something can yield results if those results simply aren’t possible. Many organizations, however, hand a proverbial turnip to the CISO and expect blood in return. Executive management or the company board have expectations for the CISO. …

  • What Do Companies Expect From a CISO?

    by Tony Bradley on September 15, 2015

    The role of CISO is an important one. It must be. It has Chief right in the title. The question, though, is what exactly does a company expect a CISO to do? You can’t meet or manage expectations if you don’t know what they are, and there’s a good chance you won’t keep your CISO job very long if you can’t meet expectations. A CISO is responsible for securing and protecting information assets but…

  • Taking Responsibility for Information Security

    by Tony Bradley on September 9, 2015

    It’s impossible for any one person to manage every aspect of securing the network, endpoints and data of an entire organization. The top of the security chain of command in most cases is the Chief Information Security Officer, though, so ultimately that responsibility falls on the shoulders of the CISO. Security is everyone’s job. Each and every employee within a company has to have some basic…

  • Criminals Use CEO Emails to Target Companies

    by RSAC Contributor on September 3, 2015

    That email from the CEO in your inbox may not be real. Stop and pick up the phone to make sure it's legitimate before you take action. The FBI said cybercriminals stole nearly $750 million from more than 7,000 companies in the United States between October 2013 and August 2015. When you include international victims, total losses from business-to-email attacks exceed $1.2 billion. Attackers, …

  • Five Ways Security Metrics Do More Harm Than Good

    by Tony Bradley on August 31, 2015

    There is no shortage of data out there. Virtually everything with a power source is logging events and churning out data almost constantly—including all of your security tools. That data—your security metrics—can uncover valuable truths about your security posture if used and analyzed properly, but it can also be very misleading or completely useless. Aaron Levenstein is credited with this little …

  • Security Metrics to Drive Change

    by Tony Bradley on August 24, 2015

    What’s the point, really? You've dedicated terabytes of storage to capture insane volumes of log data, but for what? Yes, you can distill the highlights which make you look good and drop them in your reports. Be warned that those types of vanity metrics don’t provide any real value. Use the right security metrics in the right way, and you can clearly illustrate the issues. And that's how you…

  • If You Don't Know Where You Are, How Do You Know Where You Are Going?

    by Tony Bradley on August 21, 2015

    Business intelligence and big data analytics are valuable tools for organizations. Collecting and analyzing the right metrics related to current and past performance helps businesses develop effective plans for the future. This is especially true when it comes to securing your network and protecting your data. Think of it like making a trip to the grocery store. You can just walk in and shop. You…

  • What Black Hat and the NFL Have in Common: Strategy

    by Eric Cowperthwaite on August 19, 2015

    This time of year is a merging of two of my favorite things, Hacker Summer Camp aka BSidesLV, Black Hat and DefCon, and the beginning of the football season. On the surface it might not appear that these things have a lot in common. However, a bit deeper analysis tells us that the strategies employed by your security team and your favorite football team revolve around many of the same principles…

  • Security Awareness as the Front Line of Defense

    by Fahmida Y. Rashid on August 13, 2015

    People still fall for phishing scams, open up attachments on spam messages, and visit websites claiming to have exclusive video footage of the latest scandal du jour. The average person’s ability to stay safe online hasn’t really changed. We are bombarded almost daily about the latest data breaches. Many of us have had our credit cards replaced, not just once, but maybe even twice or three times, …

This document was retrieved from on Tue, 06 Oct 2015 14:36:30 -0400.