A Road Map for CISOs

by Todd Fitzgerald

The role of the CISO has evolved greatly over the years. Over the past 20 years leading security practices across multiple industry verticals for large Fortune 500 organizations, I have observed firsthand its various shifts. The natural next question is what the next phase would look like. More importantly, will the…

The post A Road Map for CISOs appeared first on SecurityCurrent.

Log-ical Benefits: Why Logs Are a Treasure Trove of Information

by Joel Rosenblatt, Director for Network and Computer Security, Columbia University

(Beginning January 28, Joel Rosenblatt will be moderating a group discussion on CISOs Connect. The discussion will run for two weeks and is open to all CISOs Connect members. CISOs who want to sign up may send an email to arhodes@cisosconnect.com)

There’s a familiar…

A Modest Proposal to Eliminate (or Modify) Breach Disclosure Laws

by Mark Rasch

Google recently disclosed the fact that a vulnerability in its Google Plus configuration could have been used by hackers to expose personal information about users of the Google Plus service. (https://www.nytimes.com/2018/10/08/technology/google-plus-security-disclosure.html) Indeed, Google announced that it was shutting down the service as a result of the hack. That’s not what outraged the…

The attacks of the future

What might the most damaging attacks of the future look like? The answer to the question may lie somewhere between the known patterns that attackers have established over the years, and signs that we are starting to see today.

A look back

It started with the sun and the moon. Solar Sunrise was discovered in…

How to Get Everyone Attuned to Cybersecurity: Ways to Raise Security Awareness

Your organization’s security stance must be supported by everyone in the company, every day, in all that they do. However, people are focused on their jobs, not necessarily on security. With attacks increasingly starting at the human level through social media or targeted emails, your organization needs to create and maintain a high level of…

People, Process and Technology: Tips for Strengthening the Three Pillars of a Highly Effective Security Program

Did you know you need just three resources to build a highly effective security program? It’s true. Your success will be highly contingent upon how you leverage people, process and technology. Perhaps it is the rule of three which makes this all gel, but if you take proper care of these three elements, everything else…

Healthcare Ransomware Attacks – Don’t Be Part of the Statistics

In 2017, six of the top ten HIPAA breaches reported to the U.S. Department of Health and Human Services (HHS) stemmed from ransomware.[1] In a typical ransomware attack, important data is encrypted and “held for ransom” until the victim pays a designated amount in exchange for gaining access to the keys to decrypt the data…

Using Metrics to Improve Your Security Program – Part 2

In my previous article, I tried to cover why metrics are an important part of your security program and some of my beliefs about how metrics should be created and used. I am often asked about what specific metrics I collect, what metrics are important to my trustees, and how I report on them. I…

Using Metrics to Improve Your Security Program

So…you are responsible for the computer security of your organization. You probably have many great ideas on how to do this. You start looking around for products and services to implement those plans of yours and figure out quickly there are no commercial solutions that fit into your budget. Now what do you do? Enter…
