
CSO Online IT Leadership

Published: Sun, 17 Dec 2017 06:17:55 -0800

Last Build Date: Sun, 17 Dec 2017 06:17:55 -0800


What is identity management? IAM definition, uses, and solutions

Wed, 13 Dec 2017 02:52:00 -0800

Identity and access management, or IAM, in enterprise IT is about defining and managing the roles and access privileges of individual network users and the circumstances in which users are granted (or denied) those privileges. The core objective of IAM systems is one identity per individual. Once that digital identity has been established, it must be maintained, modified and monitored throughout each user’s “access lifecycle.” 


What defines job satisfaction for cybersecurity professionals?

Tue, 12 Dec 2017 07:50:00 -0800

Everyone is busy writing their cybersecurity predictions for 2018, and while I haven’t published my list yet, here’s an easy call — the cybersecurity skills shortage will continue to be an existential threat in 2018. 

As a review, here are a few data points that lead me to this conclusion:

  • Forty-five percent of organizations claim to have a problematic shortage of cybersecurity skills in 2017. By the way, 46 percent of organizations claimed to have a problematic shortage of cybersecurity skills in 2016, so things are not improving.
  • According to a recent survey of cybersecurity professionals conducted by ESG and the Information Systems Security Association (ISSA), 70 percent of organizations say they’ve been impacted by the global cybersecurity skills shortage. The ramifications of the skills shortage include increasing workloads for the security staff, the need to hire and train junior personnel, and most of cybersecurity staff time spent on emergencies.
  • As a function of the skills shortage, 49 percent of cybersecurity professionals are solicited to consider another cybersecurity job at least once per week.

Given the cybersecurity skills shortage and cut-throat recruiting going on, CISOs should do everything they can to make sure cybersecurity staff members remain happy and productive. This begs an obvious question: What type of work environment is most appealing to infosec professionals?

To read this article in full, please click here


IDG Contributor Network: How to avoid a crash landing in cyberspace

Tue, 12 Dec 2017 06:10:00 -0800

Humans are like snowflakes. No two are alike.

Yet we often behave in a way that is the exact opposite, assuming people think and act just like we do. In cybersecurity, treating something as a truth rather than belief can lead to a project’s crash landing. Cases in point:

Assuring alignment

Your code may be 100% spot on, but it turns out that the code’s function isn’t in alignment with the work of the other engineers. It’s not your fault. Rather, the various teams working on the project had different specs.

Sounds implausible?

Just think of the 1998 Mars Climate Orbiter’s disastrous disintegration upon entry into Mars’ atmosphere. The culprit was that NASA engineers had used software based on the widespread metric unit of measurement while their partner’s engineers at Lockheed Martin used calculations for the hardware using the English unit of measurement.


IDG Contributor Network: Dear CEO, are you enabling your CISO?

Mon, 11 Dec 2017 06:54:00 -0800

What do we see?

Over the past 10 years there has been a dramatic increase in the number of security incidents. To give just one example: in just 10 years (2006-2015), the US government saw a 1300% increase of cyber security incidents. 2016 and 2017 have only confirmed this trend with a staggering number of data breaches, ransomware attacks, phishing incidents, etc. Not surprisingly, security risk has claimed a top spot in the top business risks in many, if not all, industries. Company boards and executive committees can no longer ignore the fact that just one serious security incident could significantly impact the bottom line and future growth of their company, and potentially even cost them their jobs.


GDPR turbocharges identity and access management spending

Fri, 08 Dec 2017 05:46:00 -0800


CIO Leadership Live with Ron Guerrier, CIO at Farmers Insurance | Ep 2

Tue, 05 Dec 2017 21:00:00 -0800

In this episode, host Maryfran Johnson and Ron Guerrier, CIO at Farmers Insurance, discuss building an IT innovation ecosystem, and the impact of next-generation technologies on the insurance industry.

Cybersecurity professionals aren’t keeping up with training

Tue, 05 Dec 2017 07:41:00 -0800

I’ve written a lot about the cybersecurity skills shortage lately based upon data from a new research report titled, The Life and Times of Cybersecurity Professionals, a collaborative effort done by ESG and the Information Systems Security Association (ISSA). The report indicates that:

  • Seventy percent of cybersecurity professionals believe their organizations have been impacted by the cybersecurity skills shortage.
  • What type of impact? Sixty-three percent say the cybersecurity skills shortage has increased the workload on existing staff, 41 percent have had to hire junior personnel in lieu of more experienced staff, and 41 percent claim the cybersecurity staff spends a disproportional amount of time on incident response and limited time on planning and strategy.
  • The areas where the skills shortage is most acute include security investigations/analysis (31 percent), application security (31 percent), and cloud security (29 percent).

In aggregate, many organizations don’t have enough cybersecurity staff and lack some (or many) advanced skills. 


IT help wanted, cybersecurity experience preferred

Mon, 04 Dec 2017 10:31:00 -0800

The numbers are in — and the world will face a shortfall of 3.5 million cybersecurity workers by 2021, according to this year’s Official Annual Cybersecurity Jobs Report.

A lack of experienced cyber defense workers poses the biggest threat to society and organizations globally — more so than ransomware and DDoS attacks and more than all conceivable cyber risks combined.

How to solve the cybersecurity labor shortage

To address the cybersecurity labor shortage, CIOs and CISOs may want to consider making every IT position a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people.


IDG Contributor Network: 3 common cybersecurity maturity failings

Mon, 04 Dec 2017 04:02:00 -0800

Anton Chuvakin from Gartner recently blogged about the overall low maturity in cyber security. He made some interesting points. Especially on how vendors, investors and the media rely on flawed statistics, surveys and a fair dose of wishful thinking in assessing the security maturity of the average enterprise, projecting market growth and product viability.

I had the same experience, at Gartner and as a penetration tester. For example, I never conducted a project where I needed more than off-the-shelf open source tools and known exploits to breach an organization. Never had to grab deep into the trick box. Basic approaches were sufficient.


Security Recruiter Directory

Fri, 01 Dec 2017 12:48:00 -0800

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop.

The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others.

If you're a security recruiting firm, we want your information! Our goal is to provide the most complete recruiter resource available, but to do that we need your assistance. Please send the name, contact info and a few sentences about your company and its specialties to Michael Nadeau.


IDG Contributor Network: How to spend your cybersecurity budget increase

Thu, 30 Nov 2017 06:30:00 -0800

In “How to sell cybersecurity to your executive team,” I discussed strategies to sell cybersecurity to your board of directors, executives, and business leaders using a standards-based approach. Ultimately, this strategy would lead to you receiving a larger cybersecurity budget. Ample security budgets are rare, but by speaking the executive team’s language, using metrics and visuals, and getting outside verification, you’re bound to get the occasional healthy budget increase.

So, you’ve followed those steps, and have been rewarded with a larger security budget. Because no good deed goes unpunished, this forces a difficult question: what should you do with the money? Your budget won’t increase every year, so it’s important to make the most of the opportunity. It’s vital that you use a standards-based approach to allocate the funds to measure your return on investment and get optimal improvement.


IDG Contributor Network: Fortune favors the tech-savvy

Wed, 29 Nov 2017 06:29:00 -0800

Today’s digital economy sees established enterprises competing against start-ups, enterprises worrying about risk, and smart enterprises deploying digital technologies capable of transforming their enterprise and enabling better business-to-customer interactions and relationships.

Opportunity abounds; our global digital economy presents new possibilities almost daily. The problem is, not every enterprise is taking advantage of those opportunities. ISACA’s recently released Digital Transformation Barometer research shows that slightly less than a third of enterprises are making it a priority to evaluate the opportunities emerging digital technologies might bring on a frequent basis. That means more than two-thirds of enterprises aren’t realizing their full potential in the digital economy.


Did Uber throw its CSO under the bus?

Tue, 28 Nov 2017 08:56:00 -0800

Uber's CSO has been fired, according to a story in The New York Times.

That begs the question — did Uber throw Sullivan under the bus, turning him into a scapegoat for the recently disclosed year-old hack?

Sullivan's reputation may suffer irreparable harm as a result of the high-profile termination, which is receiving widespread media attention.


IDG Contributor Network: The CIO should report to the CISO

Mon, 20 Nov 2017 09:15:00 -0800

Since the role of CISO was invented by Citibank in 1995 there have been frequent debates on reporting structure. The most common shape for that debate is: should the Chief Information Security Officer report to the CIO or the CEO?  As someone who lived through the great quality revolution in automotive, I have long advocated for the CISO to report directly to the CEO.  In recent months I have come to the further realization that it is time for the CIO to report to the CISO.

Let’s review quickly the early 1980s when Japan was at the top of its miraculous growth in manufacturing. In only a few decades it had moved from the world’s supplier of shoddily made trinkets to the top producer of quality automobiles. US manufacturers were churning out clunky rattle traps with tolerances measured in inches while new Toyotas and Hondas had tolerances measured in millimeters.


IDG Contributor Network: The true cost of a data breach

Mon, 20 Nov 2017 07:00:00 -0800

We have all read the headlines and know that data breaches are costly incidents for businesses and organizations to deal with.

And GDPR has been ‘done to death’ with the headlines warning about potential fines of up to €20 million or 4 per cent of a company’s global revenue once the EU General Data Protection Regulation comes into force next May.

However, the true cost of a data breach is much greater, and is something that is neither widely discussed nor documented.

According to the 12th annual Cost of Data Breach Study, carried out by IBM’s Ponemon Institute, the average total cost of a data breach in the UK in 2017 is £2.48 million, with the average cost per lost or stolen record £98.  


IDG Contributor Network: How to hire top cybersecurity talent for your company

Mon, 20 Nov 2017 06:45:00 -0800

Cyber threats continue to grow in volume and intensity. Seemingly every month, another massive security breach dominates the headlines. In an effort to combat these threats, society as a whole is putting a greater emphasis on cybersecurity awareness and training.

Universities in the U.S. are unveiling new cybersecurity programs designed to prepare students for jobs in this booming field. Startups that provide vocational courses in cybersecurity are attracting venture funding. Even the U.S. military is now training active-duty military personnel who, after they leave the service, quickly find positions in the cybersecurity industry.


The scrum master role explained

Mon, 20 Nov 2017 03:00:00 -0800

Watch this instructional video to understand how a scrum master can help a team learn agile development and follow a scrum process to develop new applications.

Acute cybersecurity skills shortage areas

Thu, 16 Nov 2017 07:27:00 -0800

In my last blog, I reviewed some new research from ESG and the Information Systems Security Association (ISSA), revealing that 70% of cybersecurity pros say that the global cybersecurity skills shortage has impacted their organizations.  Based upon this and other similar research, I’m convinced that the cybersecurity skills shortage represents an existential risk to our data, businesses, and national security.

The data indicates that most organizations don’t have enough cybersecurity staffers, don’t have some necessary cybersecurity skills, or both – a daunting situation.  ESG and ISSA also wanted to uncover areas where cybersecurity skills shortages are most acute.  The top three areas cited were as follows:


IDG Contributor Network: The risk of okra

Tue, 07 Nov 2017 07:37:00 -0800

IT Risk is well defined by the ISACA organization in the Risk IT Framework.  It says, “IT risk is business risk—specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise.” This means that IT Risk is no longer relegated to some back office, but is part of how the company evaluates their place and permanence in the market.  I particularly like their line a bit further down, which states, “IT risk always exists, whether or not it is detected or recognized by an enterprise.”  This is the clarion call for risk management.  Either you understand and control your risks, or they will control your business.


CIO Leadership Live with Bernie Gracy, Chief Digital Officer of Agero | Ep 1

Mon, 06 Nov 2017 03:00:00 -0800

In this lively hourlong discussion, Maryfran Johnson, executive director of CIO programs for CIO Events and the CIO Executive Council, talks with Bernie Gracy, Chief Digital Officer of Agero, the largest provider of roadside assistance services to car makers and insurance providers across North America. Johnson and Gracy talk about the sophisticated data analytics behind Agero’s services, the challenges he faces in digitizing the entire business and how the roles of CIOs and CDOs are changing and expanding in today’s digital business ecosystem.

IDG Contributor Network: How to sell cybersecurity to your executive team

Thu, 02 Nov 2017 08:58:00 -0700

Despite repeated major, high-profile breaches, most cybersecurity teams still struggle to get sufficient funding.

 “After this hack, cybersecurity budgets are bound to increase.”  We’ve all thought it. But, curiously, it may not always happen.

It’s a constant battle between profitable business investments and “unprofitable” security investments to protect the current bottom-line. Despite the headlines, growth-oriented executives tend to prioritize other expenses.

According to Russ Verbofsky, CIO and CISO at the New Mexico Department of Game and Fish, “You can pay me today or tomorrow. But tomorrow includes a press release describing that we weren’t proactive in protecting our data and systems.”


CIO Leadership Live: Watch live on Thursday, Nov. 2

Sun, 29 Oct 2017 21:00:00 -0700

Join Maryfran Johnson, executive director of CIO programs for CIO Events and the CIO Executive Council, for the launch of a new video series -- CIO Leadership Live. This monthly show will feature an in-depth interview focused on leadership, innovation and business strategy. The first guest is Chief Digital Officer Bernie Gracy of Agero – the largest provider of roadside assistance services to car makers and insurance providers across North America. Watch the show live on Twitter and Facebook on Thursday, Nov. 2 at 2 p.m. eastern.

IDG Contributor Network: How information sharing in security and intelligence can benefit your organization

Wed, 25 Oct 2017 03:45:00 -0700

Throughout my career in security and intelligence, I’ve come to recognize that information sharing is, in many ways, like activities such as exercise or flossing. We all know we should be doing it—regularly, properly, and with expert guidance, that is—but many of us don’t. Concerns over trust, privacy, and sometimes even value continue to limit or prevent many organizations from sharing information, yet these concerns—although legitimate—are not insurmountable.

As both an administrator and member of FPCollab, several ISACs, and various private communities, I’ve experienced firsthand that when conducted effectively, collaboratively, and securely, information sharing can be immensely beneficial. Here’s why your organization should be doing it:


IDG Contributor Network: Measuring cyber resilience – a rising tide raises all ships

Tue, 24 Oct 2017 06:28:00 -0700

I admit it … I am one of the 143,000,000 people afflicted by the Equifax breach. For those of us who reside in the U.S., that number approaches 60% of all adults, based on recent numbers from the U.S. Census Bureau. Perhaps most unsettling is that failing to perform something as routine as a timely patch produced an event so catastrophic that it cost the CISO, CIO and CEO their jobs. Make no mistake about it, accountability for cyber resilience is in the boardroom and rests heavy on the shoulders of those in the C-suite. This is accentuated by the data from a recently completed study by ISACA and MIT which overwhelmingly confirmed that CEOs and boards are leading enterprise digital technology initiatives.
