Showing Blog Posts: 1–10 of 58 tagged CISO

  • Security Operations Center: Building, Operating, and Maintaining your SOC

    by Ben Rothke on November 30, 2015

    Large enterprises have numerous information security challenges. Aside from the external threats; there’s the onslaught of security data from disparate systems, platforms and applications. Getting a handle on the security output from numerous point solutions, generating millions of messages and alerts daily is not a trivial endeavor. As attacks becoming more frequent and sophisticated and with…

  • Insuring Cyber the Same Way as Natural Disasters

    by Rook Security on September 30, 2015

    There is no doubt that cyberinsurance is a fast-growing product with an important role in our current landscape where security breaches are happening at a breakneck pace. And many claim the market is nowhere near fully saturated...lots of companies remain unprotected. Most every Risk Manager has a disaster plan for what we typically think of as natural disasters: hurricane, fire, even polar…

  • You Can’t Squeeze Blood From a Turnip

    by Tony Bradley on September 23, 2015

    You’ve probably heard the phrase “You can’t squeeze blood from a turnip,” before. The point is that no amount of begging, coercing, pushing, or otherwise coaxing something can yield results if those results simply aren’t possible. Many organizations, however, hand a proverbial turnip to the CISO and expect blood in return. Executive management or the company board have expectations for the CISO. …

  • What Do Companies Expect From a CISO?

    by Tony Bradley on September 15, 2015

    The role of CISO is an important one. It must be. It has Chief right in the title. The question, though, is what exactly does a company expect a CISO to do? You can’t meet or manage expectations if you don’t know what they are, and there’s a good chance you won’t keep your CISO job very long if you can’t meet expectations. A CISO is responsible for securing and protecting information assets but…

  • Taking Responsibility for Information Security

    by Tony Bradley on September 9, 2015

    It’s impossible for any one person to manage every aspect of securing the network, endpoints and data of an entire organization. The top of the security chain of command in most cases is the Chief Information Security Officer, though, so ultimately that responsibility falls on the shoulders of the CISO. Security is everyone’s job. Each and every employee within a company has to have some basic…

  • What Black Hat and the NFL Have in Common: Strategy

    by Eric Cowperthwaite on August 19, 2015

    This time of year is a merging of two of my favorite things, Hacker Summer Camp aka BSidesLV, Black Hat and DefCon, and the beginning of the football season. On the surface it might not appear that these things have a lot in common. However, a bit deeper analysis tells us that the strategies employed by your security team and your favorite football team revolve around many of the same principles…

  • A Note on #CISOProblems

    by Eric Cowperthwaite on August 11, 2015

    What is it about this time of year? In the past month or so I’ve noticed even more headlines and reports than usual about the problems plaguing today’s CSOs and CISOs. If you’ve somehow managed to dodge the onslaught of grim stats, I’ll sum it up for you: The “bad guys” are proliferating and becoming more sophisticated. Security managers are having a hard time getting enough “good guys” on their…

  • CISO Guide to Being an Effective Security Leader

    by Fahmida Y. Rashid on August 10, 2015

    With all the data breaches and security headlines of the past year, it was inevitable that the role of the CISO would become much more visible. Organizations are increasingly hiring CISOs or creating senior-level security positions, but there is still a lot of confusion about what a CISO actually does. The job description has changed from mitigating exposure and securing the perimeter, to one of…

  • Peers Talk About Mindfulness

    by RSAC Contributor on August 4, 2015

    Jennifer Minella, VP of Engineering at Carolina Advanced Digital, led security and risk professionals in a discussion about mindfulness and leadership as part of the Peer-to-Peer discussion at RSA Conference 2015 in San Francisco. Below is Minella's notes from the session. The idea of this P2P was that we can affect change in the workplace around us, and sharing ways to go about that. In the end…

  • Collecting Security Metrics and What They Mean

    by Fahmida Y. Rashid on July 1, 2015

    Perhaps you are in the middle of a security rollout, or have new security initiatives in place. How do you know your project is successful? How do you identify problem spots, the areas which need fine-tuning or modifications? Simply put, what metrics do you have in place to help you understand the project's effectiveness? Measurements aren't supposed to be easy. Threats change on a regular basis, …

This document was retrieved from on Tue, 01 Dec 2015 09:39:33 -0500.
© 2015 EMC Corporation. All rights reserved.