Risk Management

Security

How to Be a Risk-Ready CISO

Today’s information security leaders are quickly maturing into strategic business thinkers, growing beyond the traditional technical purpose of initiatives like implementing the latest firewalls or malware detection tools. The days of the CISO who is exclusively a highly qualified network engineer have come to an end. Instead, the effective modern-day CISO has that strong technology foundation, […]

01.31.2017

Security

Assumption of Breach Part III—Policy and Process

In my last blog entry, I discussed the first of three foundational elements for a security program: all of the people who interact with your organization’s systems and data. In this post we’ll tackle the next element of cyber security—policy and process. For the purposes of this post, I am going to use these two […]

01.30.2017

Security

Assumption of Breach, Part II—The People Element

In the first installment of this series I discussed the need for organizations to change their approach to cyber security to an “assumption of breach model,” or an understanding that in today’s threat landscape, it is unrealistic to thwart 100 percent of malicious attacks. That previous post also mentioned that this new approach should focus […]

01.16.2017

Security

Understanding Adversary Intent

In the spirit of the first Presidential debate, I would like to discuss the topic of cybersecurity, which was one of only a few words NBC moderator Lester Holt was able to squeeze in. Even though at times the debate seemed less like a diplomatic dispute and more like a drunken quarrel between two sports fans […]

10.18.2016

Security

Aligning IT and School Administrators for Security Success in Higher Education

A decade, or even a few years ago, cyber security issues would not have been on most university and college presidents’ minds. In this new world, however, where major American political parties and government agencies are being compromised, these educational leaders must be focused on protecting their institutions from malicious actors. Like leaders of large […]

06.23.2016