Blogs

Showing Blog Posts: 1–10 of 52 tagged CISO

  • What Black Hat and the NFL Have in Common: Strategy

    by Eric Cowperthwaite on August 19, 2015

    This time of year is a merging of two of my favorite things, Hacker Summer Camp aka BSidesLV, Black Hat and DefCon, and the beginning of the football season. On the surface it might not appear that these things have a lot in common. However, a bit deeper analysis tells us that the strategies employed by your security team and your favorite football team revolve around many of the same principles…

  • A Note on #CISOProblems

    by Eric Cowperthwaite on August 11, 2015

    What is it about this time of year? In the past month or so I’ve noticed even more headlines and reports than usual about the problems plaguing today’s CSOs and CISOs. If you’ve somehow managed to dodge the onslaught of grim stats, I’ll sum it up for you: The “bad guys” are proliferating and becoming more sophisticated. Security managers are having a hard time getting enough “good guys” on their…

  • CISO Guide to Being an Effective Security Leader

    by Fahmida Y. Rashid on August 10, 2015

    With all the data breaches and security headlines of the past year, it was inevitable that the role of the CISO would become much more visible. Organizations are increasingly hiring CISOs or creating senior-level security positions, but there is still a lot of confusion about what a CISO actually does. The job description has changed from mitigating exposure and securing the perimeter, to one of…

  • Collecting Security Metrics and What They Mean

    by Fahmida Y. Rashid on July 1, 2015

    Perhaps you are in the middle of a security rollout, or have new security initiatives in place. How do you know your project is successful? How do you identify problem spots, the areas which need fine-tuning or modifications? Simply put, what metrics do you have in place to help you understand the project's effectiveness? Measurements aren't supposed to be easy. Threats change on a regular basis, …

  • Peers Share Tales of Cyber-Bullying and Revenge Porn in the Workplace

    by RSAC Contributor on June 19, 2015

    Peer-2-Peer sessions bring together like-minded security professionals into small groups to discuss topics important to them. Larry Dietz, general counsel and managing director of information security at TAL Global, facilitated a P2P discussion about cyber-bullying and revenge porn. In this post, Dietz continues the conversation. The Cyber Bullying and Revenge Porn in the Workplace session was…

  • SOC: To outsource or not to outsource?

    by RSAC Contributor on June 17, 2015

    This post comes from Greg Boison, director of homeland and cybersecurity at Lockheed Martin, who was part of the Transforming SOCs roundtable discussion at the recent Gartner Security & Risk Management Summit. The following is his summary of the discussion. While walking the floor and listening to the sessions at the Gartner Risk and Security Summit, a key issue crystallized for me around Security…

  • Growing Up: A Roadmap to Vulnerability Management Maturity

    by Eric Cowperthwaite on June 8, 2015

    At this year’s RSA Conference, there was strong focus on identifying where your company’s security posture is in terms of maturity. As Brian Krebs touched on in a recent post, there are many different maturity models outlining what your company is doing, and what it should be doing. Of course each company is different, and the path to reducing risk is never a straight line. It is, however, …

  • Security By Any Other Name

    by Wendy Nather on May 21, 2015

    If you went up to a pharmacist and said, “Hi, I need something to cure a case of the APTs,” what do you think she would recommend? A big issue with the security industry has to deal with the way we market and describe security technology. It used to be that products were described by functionality, with point features that were well understood: firewall, anti-virus, anti-spam, web filter, log…

  • CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security

    by Ben Rothke on May 16, 2015

    Full disclosure: this book is sponsored by the Cloud Security Alliance of which I am a founding member. I am also friends with 2 of the authors. Even though cloud computing is mainstream such that even the Federal Government is on board, it’s not necessarily so that it will always make computing cheaper and faster. And all the more so when it comes to security and privacy. The challenge is how to…

  • Next Stop for the CISO: The Office of the CIRO?

    by Tony Kontzer on May 4, 2015

    As if CISOs didn't have enough to worry about already, now we are hearing they should be seriously considering acquiring the skills they need to become the chief information risk officer. Few organizations today have a CIRO, but if the scuttlebutt at the recently concluded RSA Conference is to be believed, they will soon, and CISOs are the logical choices to fill that role. It's reasonable to…

This document was retrieved from http://www.rsaconference.com/blogs on Wed, 02 Sep 2015 10:50:43 -0400.
© 2015 EMC Corporation. All rights reserved.