
CSO Online IT Leadership

Published: Sun, 22 Apr 2018 07:42:43 -0700

Last Build Date: Sun, 22 Apr 2018 07:42:43 -0700


Two incident response phases most organizations get wrong

Thu, 19 Apr 2018 03:00:00 -0700


Security Recruiter Directory

Wed, 18 Apr 2018 06:33:00 -0700

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop.

The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others.

If you're a security recruiting firm, we want your information! Our goal is to provide the most complete recruiter resource available, but to do that we need your assistance. Please send the name, contact info and a few sentences about your company and its specialties to Michael Nadeau.

To read this article in full, please click here


IDG Contributor Network: Do you know who the new Guardians of the Galaxy are? It’s the morally upright CISOs

Mon, 16 Apr 2018 05:24:00 -0700

If you have no clue what I am talking about I promise to make amends in a minute or less. Yes – I am referring to the amazing superheroes from the Marvel series who – and this is taken verbatim from Wikipedia – “form a team of interstellar heroes that will be proactive in protecting the galaxy, rather than reacting to crises as they happen.”

Well, the new galaxies in our digitized and artificially intelligent world are the Facebooks, Googles, Amazons and Alibabas of the world. And pay attention to that telling phrase “proactive in protecting rather than reacting to crises as they happen.”

The image of a guardian conjures up images of celebrities or politicians with able-bodied musclemen scowling at everyone. But did you know that all of us consumers – anyone who uses Facebook – or any other app on a large platform – have a guardian as well? And this guardian may not be someone you have ever met (or ever will), you may even be surprised at the title she holds. And this bodyguard may not prevent bodily harm or injury, they will protect your most important asset – your data, which arguably may even be more important than your body in this digital age.


6 hot digital transformation trends – and 4 going cold

Sun, 15 Apr 2018 22:00:00 -0700

Now considered essential to driving profits, digital transformations are shifting from platform-first strategies to initiatives that leverage emerging technologies in service of clear customer and operational goals.

CIO Leadership Live with Klara Jelinkova, CIO of Rice University | Ep 7

Wed, 11 Apr 2018 22:00:00 -0700

Maryfran Johnson talks with Klara Jelinkova, Rice University’s CIO, on a range of topics, including the responsibility of senior women in IT to mentor the next generation and how the university's GDPR project was an opportunity to talk with business unit leaders and stakeholders about data security and privacy.

IDG Contributor Network: Taking a bite-sized approach to security automation and orchestration

Mon, 09 Apr 2018 11:10:00 -0700

Knowing staffing resources are scarce but threats are more damaging than ever, there has been an increased interest in using automation and orchestration technology to solve for gaps in cybersecurity coverage and challenges in hiring and retaining top talent.

Automation and orchestration can enable a lean security team to prioritize and manage the manual, tedious, and time-consuming response of alerts coming in from detection and SIEM tools. Intelligent use of automation orchestration can control the inefficiencies that would otherwise set in when multiple resources and teams try to investigate and remediate incidents.

But there’s a common misconception out there for everyone from the CISO to a level 1 security analyst: Does everything that is going to be automated have to be automated at once? And, does the full process need to be fully documented before there is a benefit to automation and orchestration? Even for the most zealous or uber-ambitious expert, automating every incident and every step in your incident response workflow is as realistic as trying to boil the ocean. It’s much more effective to walk before you run, especially if you’re part of an enterprise security team, where typically multiple cross-functional teams are involved across a variety of different technologies.


IDG Contributor Network: 4 steps to creating a winning cybersecurity strategy in 2018

Mon, 09 Apr 2018 07:52:00 -0700

Most organizations are in the phase of rapidly gearing up to contain and manage cybersecurity threats. The question is how and where to begin?

In many ways the US Federal Government went through this same difficult phase in 2015 due to the OPM data breach. There are some worthwhile lessons to be learned. One of the key elements of the Federal response was to set cybersecurity at the forefront of a chief executive’s responsibility with clear assignment of accountability. The second element was to provide funding and investments to upgrade the cybersecurity posture.


Social engineering: It's time to patch the human

Mon, 09 Apr 2018 07:00:00 -0700

Jayson Street, the DEF CON Groups Global Ambassador, and VP of InfoSec for SphereNY, has likely forgotten more about social engineering than some of us have learned over the years working in security.

That's not fluff, he really does live for this stuff.

Our conversation with Street started passively, a simple question asking him about his conference plans this year.


IDG Contributor Network: Alternative communications planning and cybersecurity incident response

Mon, 09 Apr 2018 06:31:00 -0700

There seems to be no end in sight for ransomware and malware attacks after the spike in high-profile incidents last summer. This includes the WannaCry ransomware strike in May 2017; PetWrap/NotPetya attacks in June; the identification of “BlackOasis” through an Adobe Flash vulnerability in October; the explosive revelations of the Equifax breach; wireless security protocols that need to be patched; the Meltdown and Spectre bugs in processor chips; and most recently the Cisco Adaptive Security Appliance vulnerability, among others.

Many companies are now rightfully revisiting their incident response (IR) protocols to prepare themselves for future attacks. More and more regulatory requirements dictate that organizations must have a written IR plan. While an IR plan is just one piece of a larger, more complex cybersecurity program, it is nevertheless a critical component and one that many regulators are closely scrutinizing. Apart from the legal, reputational and regulatory risk, ransomware attacks can disable entire global businesses for several days making IR plans business critical.


IDG Contributor Network: The database of dangerous assumptions

Mon, 09 Apr 2018 04:01:00 -0700

In “Algorithms don't have biases, and other dangerous cyber-assumptions,” I addressed dangerous beliefs that have consequential effects on protecting vulnerable assets and preventing malicious attacks. For example, assuming algorithms don’t make assumptions may result in depending on faulty data leading to a weak defense.

The video in this blog reinforces the concept that assumptions are part of your everyday decision-making process and that to deny making them is unproductive and potentially threatening.


IDG Contributor Network: Half the world is female, so why do women only make up 1% of security leaders?

Fri, 06 Apr 2018 08:08:00 -0700

One is indeed a lonely number, particularly in my industry – cybersecurity. While gender diversity is slowly inching up in many industries, diversity is severely lagging in cybersecurity, where women make up only one percent of executives.

Diversity in cybersecurity is not a female-only issue. It should matter to everyone because cybersecurity is an immense global challenge that is gender agnostic. And to be effective, we need solutions to be as diverse as possible. Diversity drives adaptation and innovation, allowing companies to develop industry-leading technologies and solutions to face cyber terrorists, ransomware threats and everyday hacks that are all part of the cybersecurity challenges the world faces today and the evolving attacks of tomorrow.


Technologies that will disrupt business in 2018

Tue, 03 Apr 2018 21:00:00 -0700

From artificial intelligence to augmented reality, these dozen disruptive technologies and trends will begin driving how business gets done at forward-thinking organizations this year.

RSA Conference: CISOs' top 4 cybersecurity priorities

Tue, 03 Apr 2018 09:55:00 -0700

I’ve spent a good amount of time talking to CISOs over the past few months to learn about their current priorities and how their jobs are changing. Of course, many of these security executives will be attending the RSA Conference in a few weeks.

What security executives are looking for

Based upon my meetings with security executives, here’s a sample of what CISOs will be looking for in San Francisco:

1. Executive-level threat intelligence

As business executives gain a better understanding about cyber risk, CISOs have been tasked with learning more about cyber adversaries and reporting what they learned to the board. To be clear, CISOs are not looking for deep technical intelligence on IoCs, exploits, or malware variants. Rather, they want to know who is attacking their organizations, for what purposes, and gather a high-level view of their tactics, techniques, and procedures (TTPs).


8 essential sites for researching your next employer

Mon, 02 Apr 2018 21:00:00 -0700

Landing a job interview feels great, but how much do you know about your potential employer? Job listings often elicit more questions than answers. Knowing where to find inside information can mean the difference between getting a job from a great company and heading down the wrong path.

7 goals every project manager should aspire to achieve

Sun, 25 Mar 2018 22:00:00 -0700

Project managers must look beyond requirements, budgets and timelines to ensure they are executing high-impact, high-visibility projects with a direct line to the organization's overall strategic goals. Here's how to be recognized by executives and stakeholders as an indispensable strategic partner.

SamSam ransomware attacks have earned nearly $850,000

Fri, 23 Mar 2018 15:01:00 -0700

First emerging in late 2015, the group believed to be responsible for the SamSam ransomware family has targeted small and large businesses, healthcare, governments and education.

Over time, the ransom prices set by this group have changed some, but they've remained consistent when it comes to general affordability, which is why many victims have paid. To date, the group has made nearly $850,000 USD.


IDG Contributor Network: Overcoming today's risks and tomorrow's threats with confidence

Fri, 23 Mar 2018 04:43:00 -0700

As any cybersecurity professional knows, the biggest threat to an organization is the one that hasn’t been launched yet.

Attackers have become so adept at the element of surprise that they send their targets into a tailspin whenever a new threat is unleashed – not only because of the damage that the threat inflicts, but also because no one saw it coming. This ability to ambush an organization’s cyber defenses intensifies the effects of the threat and leaves cybersecurity practitioners scrambling to minimize the damage while continuously looking over their shoulders, scanning the horizon for the next surprise.

There’s no question that cyber threats have become among the greatest risks to industry and governments today. That reality is putting an immense amount of pressure on cybersecurity professionals. From addressing privacy concerns and keeping up with new data-protection regulations to dealing with existing vulnerabilities and anticipating coming ones, these professionals have never had more on their plate, or more at stake.


12 reasons why digital transformation fails in the enterprise

Thu, 22 Mar 2018 22:00:00 -0700

Lack of CEO sponsorship, talent deficiency, resistance to change — if you’ve encountered any of the following issues, you may want to rethink your digital transformation before it grinds to a standstill.

IDG Contributor Network: You’re too busy to get your security right

Tue, 20 Mar 2018 10:50:00 -0700

Every now and then the topic of being a security generalist comes up in a conversation. Almost every organization has a person who deals with a wide variety of security matters. Security isn’t just one thing, it’s a term that describes a very large number of activities and spheres of knowledge. I consider myself a security generalist to a degree, I suspect many people reading this are also one. Rather than being very good at one topic, like cryptography for example, many of us have dealt with a large number of topics over the years.

I do like being a generalist and all the freedom and challenges that come with it, but the winds that drive the industry are starting to shift. The idea of having a few people who can do a little bit of everything isn’t really working for most organizations. We’re all too busy to be effective much of the time.


10 tips for making your self-evaluation more meaningful

Tue, 20 Mar 2018 07:47:00 -0700

Whether you think your company uses the information or not, self-evaluations are a necessary device for professional development. Here’s how to make the most of the dreaded self-evaluation process.

3 areas in which CISOs are becoming more proactive

Tue, 13 Mar 2018 07:50:00 -0700

I’ve spent a good amount of time speaking with CISOs over the past month and plan to write up a report about what I’m learning sometime after the RSA Security Conference.

In the meantime, it’s become crystal clear to me that CISOs are becoming more and more proactive in their jobs in a few areas, including the following:

1. Threat intelligence

In the distant past, most organizations really didn’t believe they were potential targets for cyber attacks. Yes, CISOs were responsible for building adequate defenses, but this job was seen as a purely technical endeavor. At that time, hackers were hackers — outside of Ft. Meade, few cybersecurity pros distinguished between cyber criminals and state-sponsored actors.


IDG Contributor Network: Having a boardroom conversation about cybersecurity and material risk

Mon, 12 Mar 2018 11:51:00 -0700

I know a lot of persuasive folks in the cybersecurity community who can easily conjure up a dozen different cyberattack scenarios detailed enough to scare the socks off any board member. Many of us have been hearing about these hypothetical disasters for a decade or longer.

Senior leaders are nervous – and spending copiously. Yet, even as the defense of enterprise data has grown into a steadily expanding $93 billion a year global industry, cyberthreats, by and large, remain an abstract, catch-all notion in many board rooms.

Encouragingly, that’s beginning to change. A confluence of developments makes this so. Mainly, the disclosures of actual nightmare breaches, which climbed to new heights in 2016 and 2017, show no signs of slowing. This pattern has prompted newly minted state regulations in New York and Colorado, mandating improved data protection practices – a harbinger of more such regulations to come. Meanwhile in Europe, come May, the EU will implement its revised General Data Protection Regulation. GDPR carries stiffer data privacy rules that generally elevate consumers' rights, and levies steep penalties against corporate violators.


IDG Contributor Network: How managers can best communicate the importance of cybersecurity to employees

Fri, 09 Mar 2018 04:18:00 -0800

A recent Kaspersky Lab survey of nearly 8,000 full-time employees found that 12% claim to be fully aware of their organization's IT security policies and rules.

Based on this finding, it sounds like current communication tactics aren’t making much of an impact today. More communication is part of the answer. But, as the old saying goes, repeatedly doing the same thing and expecting different outcomes…well, it isn’t a rational approach. A combination of more – and different – communication is the answer.


CIO Leadership Live with Mojgan Lefebvre, CIO of Global Risk Services at Liberty Mutual | Ep 6

Thu, 08 Mar 2018 21:00:00 -0800

Host Maryfran Johnson talks with Mojgan Lefebvre, CIO for Liberty Mutual's Global Specialty business, about how the insurance firm is leveraging the cloud, creating business-specific data strategy and getting the best from its acquisitions.

IDG Contributor Network: Corporate boards will face the spotlight in cybersecurity incidents

Thu, 08 Mar 2018 07:30:00 -0800

In my last article, I noted that corporate boards, especially those of public companies, are facing increased scrutiny and liability exposure in relation to cybersecurity and data privacy. While companies continue to gather and store large amounts of data, they are also more and more likely to be subject to a damaging cyberattack or data breach. The actions and composition of boards will be closely watched in the court of public opinion as well as by the courts themselves and by lawmakers.

The impact of a data breach should not be underestimated. A breach can lead to regulatory investigations by a number of agencies, including the Federal Bureau of Investigation, Secret Service, Immigration and Customs Enforcement as well as through enforcement actions by regulators including State Attorneys General, the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC), among many others.


IDG Contributor Network: Making the most of your time at the RSA 2018 conference

Thu, 08 Mar 2018 06:31:00 -0800

Last year, I wrote about how to plan your trip to the RSA 2017 conference. While it’s normally in February or March, this year’s conference is April 16-20, a little more than 5 weeks away.

Attending the conference requires a significant time and monetary investment. With a little more time to prepare, here are some tips to consider for 2018 to ensure your time and money are well spent.

Book your hotel ASAP

San Francisco is a small city and for large conferences, there’s often a dearth of hotel rooms. If you didn’t book yet, do that now at the conference hotel page. The number of available hotel rooms in San Francisco has not increased, but the number of RSA attendees has. To which I have noticed that hotel prices are significantly more expensive this year. Many rooms in the immediate area are 2-3 times above their normal price, given the number of RSA attendees.


IDG Contributor Network: The time is now for a comprehensive, risk-based approach to build cyber resilience

Fri, 23 Feb 2018 05:09:00 -0800

As one who attends many industry conferences, it’s almost a guarantee that you will hear the cliché question “What issue keeps you up at night?” posed to enterprise security executives on stage.

While the question may be monotonous, the responses can trigger lively exchanges, especially in today’s cybersecurity landscape. Contending with the proliferation of connected devices, ransomware attacks, insufficiently trained security teams, a shortage of security personnel, rapid changes to the threat landscape and responding to board concerns are just some of the many relevant issues that emerge from those who answer that seemingly “routine” question.


IDG Contributor Network: Building a cybersecurity strategic plan

Wed, 21 Feb 2018 10:10:00 -0800

Today, technology changes at a rate most businesses can’t keep pace with, and it’s this lag that introduces risk into organizations’ business operations. To manage risk, many security leaders must implement controls across this ever-increasing, turbulent network landscape. These same security executives also apply best-practice approaches to diverse risk portfolios using traditional concepts such as defense in depth and layered security technologies. I believe traditional methods need to be changed since they were initially envisioned for the centralized, managed networks that we CISOs first started our careers with years ago.

Now networks typically don’t have fully defined perimeters; they’re designed for the mobile worker and geo-dispersed teams with numerous third-party connections to vendors and trusted partners. It’s these new network infrastructures that exist in the cloud, shared data centers and on mobile devices that force CISOs to revisit their strategic plans. In essence, these plans are cybersecurity roadmaps that establish pathways an organization can follow to improve its overall risk management approach. These plans should describe how the security program will protect and share information, counter new and evolving threats, and support the integration of cybersecurity as a best practice for everyday business operations.
