Menu

Blogs

Showing Blog Posts: 1–10 of 31 tagged CISO

  • PRAGMATIC Security Metrics - Applying Metametrics to Information Security

    by Ben Rothke on January 27, 2015

    Like all books on metrics, early in PRAGMATIC Security Metrics: Applying Metametrics to Information Security authors Krag Brotby and Gary Hinson state that “you can't manage what you can't measure”. The authors claim that other books on information security metrics discuss number theory and statistics in academic terms. This title promises to be light on mathematics and heavy on utility and is…

  • CISOs Need a Board Coach

    by Rook Security on January 23, 2015

    Boards are concerned about cybersecurity, specifically about how it impacts their reputation and securities (stock). The CISO is capable of assisting the organization in selecting, deploying, and managing the capabilities to address risks identified by the board. What sounds like a perfect match is often not, as many CISOs don't have the business acumen required to be an active participant in…

  • A Guide for CISOs Concerned About Data Collection

    by Fahmida Y. Rashid on January 22, 2015

    In A CISOs Guide to Principles of Data Privacy and Security, David Sheidlower, a CISO of an international media and advertising firm examines the key issues surrounding data privacy and security. The eBook is currently publicly available on Security Current . The Guide addresses privacy policies, Big Data, consent, governance, and security. In the introduction, Sheidlower quotes Ed Mierzwinski, …

  • State of the Union Puts Cybersecurity on National Agenda

    by Fahmida Y. Rashid on January 21, 2015

    Buried among the slew of national issues such as equal pay, immigration reform, climate change and Ebola, President Barack Obama spent a few seconds talking about net neutrality and cybersecurity in his State of the Union speech Tuesday evening. While it's nice to see security on the general agenda, it's still too early to know the government's plans. The full paragraph from the State of the Union…

  • InfoSec Needs to Work With Government to Shape New Laws

    by Todd Inskeep on January 21, 2015

    The President’s State of The Union address Tuesday night addressed Information Security for the second time in three years. Two years ago, in 112 words, the President announced the NIST Framework, increased information sharing through executive action, and called for the nation to “face the rapidly growing threat from cyber-attacks.” The threat then was theft of corporate secrets and “real threats…

  • Inquiring Minds Want to Know: How Do You Implement Business Security?

    by Christopher Burgess on January 16, 2015

    Business security is not a new concept. Storeowners have alarms, video, and guards to keep the ne'er-do-wells of the world at bay. Corporations that handle money have to worry about embezzlers (does the fact that it is “white-collar crime” mean it is more sanitary as a crime?). And all who handle data must address the business of securing their data. Never Assume The number of data breaches and…

  • Enterprise Software Security: A Confluence of Disciplines

    by Ben Rothke on January 15, 2015

    To date, most software security books have focused solely on writing secure code and educating developers on how to do that. In Enterprise Software Security: A Confluence of Disciplines, authors Kenneth van Wyk, Mark Graff, Dan Peters and Diana Burley take a different, and ultimately necessary approach. Their tactic is that treating software security as an autonomous discipline doesn’t work. With…

  • Lockdown: Information Security Threats on the Edge of 2015

    by John Linkous on December 26, 2014

    As we look forward to 2015, this is a good time to take stock of how the information security threats and attack landscape have been changing. Let’s see: major data breaches at global, brand-name organizations, state-sponsored hacking activity, revelations of our own government's attempts to access personal data. It would be easy to proclaim 2014 as the "Year of the Security Threat," but that's…

  • Three Reasons Why Employees Chafe at Security Policies

    by Christopher Burgess on December 12, 2014

    How often have you heard someone say, "We can't do it that way, because our security policies prohibit . . . " Perhaps they were discussing customer data security and the means to achieve frictionless engagement. Variants of this conversation occur every day, and if you are the chief information security officer (CISO), you need to maintain these policies. Here are three reasons why employees…

  • Your End-of-the-Year Security Checklist

    by Fahmida Y. Rashid on December 5, 2014

    Let's talk about checklists! Specifically, checklists of things information security professionals should complete between now and the end of the year. Slow period? What slow period? The end-of-the-year is a very busy time for IT security. Last minute modifications and additions to next-year's budget are underway, as well as looking at this year's budget and figuring out what else needs to be…

This document was retrieved from http://www.rsaconference.com/blogs on Fri, 30 Jan 2015 01:20:48 -0500.
© 2015 EMC Corporation. All rights reserved.