Tag: ciso
-
CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard
Tags: cisoSecurityWeek speaks with Kevin Winter, Global CISO at Deloitte, and Richard Marcus, CISO at AuditBoard. The post CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ciso-conversations-kevin-winter-at-deloitte-and-richard-marcus-at-auditboard/
-
How to prevent AI-based data incidents
AI lowers the barriers for attackers: AI has made the days when attackers had to “hack” systems and slowly and carefully scout out the environment a thing of the past. Now they can simply ask an AI assistant for sensitive information or access data to move laterally within the environment.The biggest challenges for cybersecurity posed…
-
Think being CISO of a cybersecurity vendor is easy? Think again
Tags: access, business, ciso, compliance, control, cybersecurity, framework, infrastructure, phishing, strategy, tool, updateand that our product was securing us gave me a perspective I might never have gained elsewhere. I wasn’t just testing controls or rolling out new tools; I was immersed in a feedback loop between our product team, our security operations, and our customers.Every time we identified ways to improve the product internally, those insights…
-
How CISOs can rebuild trust after a security incident
Tags: attack, breach, business, cisco, ciso, cloud, communications, cybersecurity, data, firewall, group, incident response, jobs, linux, mobile, monitoring, risk, security-incident, service, software, strategy, vulnerabilityMaintaining sensitivity in accountability: Cisco’s Lidz emphasizes that transparency does not end at incident resolution.”Being transparent, internally in particular, by making sure stakeholders understand you and your team have learned from the incident, that there are things you would do better not just in terms of protections, but how you respond and react to incidents”…
-
New family of data-stealing malware leverages Microsoft Outlook
certutil application which handles certificates, to download files.Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
-
CISO’s Expert Guide To CTEM And Why It Matters
Cyber threats evolve”, has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity.This concise report makes a clear business case for why CTEM’s comprehensive approach is the best overall strategy for shoring up a business’s cyber defenses in the…
-
How to evaluate and mitigate risks to the global supply chain
Tags: access, business, ceo, ciso, communications, compliance, control, cyberattack, cybersecurity, data, framework, governance, government, intelligence, international, ISO-27001, kaspersky, microsoft, mitigation, monitoring, office, resilience, risk, risk-assessment, risk-management, russia, service, soc, software, supply-chain, technology, threat, tool, update, vulnerabilityMaintain a diversified supply chain: Organizations that source from international technology suppliers need to ensure they are not overly reliant on a single vendor, single region or even a single technology. Maintaining a diversified supply chain can mitigate costly disruptions from a cyberattack or vulnerability involving a key supplier, or from disruptions tied to regulatory…
-
How CISOs can balance security and business agility in the cloud
In this Help Net Security interview, Natalia Belaya, CISO at Cloudera, discusses common misconceptions about cloud security, the balance between protection and business … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/17/natalia-belaya-cloudera-enterprise-cloud-security/
-
CISOs struggling to balance security, business objectives
Only 14% of security leaders can ‘effectively secure organisational data assets while also enabling the use of data to achieve business objectives’, according to Gartner First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619373/Gartner-CISOs-struggling-to-balance-security-business-objectives
-
CISO success story: How LA County trains (and retrains) workers to fight phishing
Tags: ai, awareness, breach, business, chatgpt, cio, ciso, cloud, compliance, computing, control, corporate, cybersecurity, data, dos, election, email, endpoint, government, hacker, healthcare, incident response, jobs, law, lessons-learned, malicious, marketplace, network, phishing, privacy, regulation, risk, risk-management, service, software, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability(The following interview has been edited for clarity and length.)At first glance, LA County’s reporting structure who reports to whom seems, well, fairly complex.We have a federated model: I report to the county CIO. Each department acts as an independent business and has its own department CIO and information security officer. Their job is to…
-
KI, Quantencomputing & neue Gesetze – Die 5 wichtigsten CISO-Trends 2025
First seen on security-insider.de Jump to article: www.security-insider.de/-trends-fuer-cisos-2025-ki-quantencomputing-a-08dc3df53f2eb82690aae1b15a5ea2f1/
-
What is anomaly detection? Behavior-based analysis for cyber threats
a priori the bad thing that you’re looking for,” Bruce Potter, CEO and founder of Turngate, tells CSO. “It’ll just show up because it doesn’t look like anything else or doesn’t look like it’s supposed to. People have been tilting at that windmill for a long time, since the 1980s, trying to figure out what…
-
Die besten IAM-Tools
Tags: access, ai, api, authentication, automation, business, ciso, cloud, compliance, endpoint, gartner, governance, iam, identity, infrastructure, login, mfa, microsoft, okta, password, risk, saas, service, tool, windows, zero-trustIdentity & Access Management ist für sicherheitsbewusste Unternehmen im Zero-Trust-Zeitalter Pflicht. Das sind die besten IAM-Anbieter und -Tools.Identität wird zum neuen Perimeter: Unternehmen verlassen sich immer seltener auf die traditionelle Perimeter-Verteidigung und forcieren den Umstieg auf Zero-Trust-Umgebungen. Sicherer Zugriff und Identity Management bilden die Grundlage jeder Cybersicherheitsstrategie. Gleichzeitig sorgt die Art und Weise, wie sich…
-
CISOs lavieren zwischen Datenschutz und Business-Support
Gar nicht so einfach, die richtige Balance zwischen Datenschutz und Business-Support zu finden.Die wenigsten Führungskräfte im Bereich Security & Risk Management (SRM) schaffen eine ausgewogene Balance zwischen Datenschutz und Business-Unterstützung. Das hat eine Umfrage von Gartner ergeben. Demzufolge priorisieren 35 Prozent der Befragten den Schutz von Datenbeständen, während gut jeder fünfte (21 Prozent) seinen Fokus…
-
How to Steer AI Adoption: A CISO Guide
CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren’t many resources to guide them on what their role should look like or what they should bring to these meetings. We’ve pulled together a framework for security leaders to help push AI teams and committees…
-
CISOs Brace for LLM-Powered Attacks: Key Strategies to Stay Ahead
For chief information security officers (CISOs), understanding and mitigating the security risks associated with LLMs is paramount. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/cisos-brace-for-llm-powered-attacks-key-strategies-to-stay-ahead/
-
Jeder fünfte CISO vertuscht Compliance-Probleme
Compliance-Verfehlungen unter den Teppich zu kehren, sollte sich für CISOs falsch anfühlen.CISOs befinden sich zunehmend in der Zwickmühle, wenn es darum geht, eine gesunde Balance zwischen Loyalität zu ihrer Organisation und ihren rechtlichen Verantwortlichkeiten zu finden. Zumindest legt das eine aktuelle Studie des Sicherheitsanbieter Splunk nahe, in deren Rahmen 600 CISOs weltweit befragt wurden. Demnach:geben…
-
Enhancements for BloodHound v7.0 Provide Fresh User Experience and Attack Path Risk Optimizations
Tags: access, attack, ciso, computer, control, cybersecurity, data, group, identity, incident response, metric, radius, risk, risk-assessment, threat, tool, update, vulnerability, vulnerability-managementGeneral Availability of Improved Analysis Algorithm and Security Posture Management Improvements The BloodHound team previewed several concepts in the last couple of releases that made it easier for customers to visualize attack paths and show improvements in identity risk reduction over time. This week’s release of BloodHound v7.0 includes significant enhancements focused on improving user experience…
-
Time to reimagine the CISO’s role as OT security takes center stage
Tags: cisoFirst seen on scworld.com Jump to article: www.scworld.com/perspective/time-to-reimagine-the-cisos-role-as-ot-security-takes-center-stage
-
The Current State of the CISO with Nick Kakolowski
Tags: cisoNick Kakolowski, senior research director for IANS, dives into a survey done in conjunction with Artico Search on the current state of the CISO. At its core, the study highlights how CISOs are facing an unprecedented expansion of responsibilities, with some thriving under the added scope and others struggling with burnout. Kakolowski explains that CISOs..…
-
CSO Award and Hall of Fame Nominations Open Now
Industry-Wide Recognition Winning a CSO Award affirms your organization’s commitment to excellence in cybersecurity and highlights your team’s success in tackling today’s biggest security challenges.Elite Networking The CSO Conference brings together top security leaders, industry experts, and academics worldwide. By attending, you’ll engage with peers, exchange ideas, and gain firsthand knowledge of emerging trends and…
-
Arvest Bank CISO on building a strong cybersecurity culture in banking
In this Help Net Security interview, Mike Calvi, CISO at Arvest Bank, discusses building a strong cybersecurity culture within the banking sector. He explains how leadership, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/11/mike-calvi-arvest-bank-banking-cybersecurity/
-
The Critical Role of CISOs in Managing IAM Including Non-Human Identities
NHIs outnumber human users in enterprises, yet many IAM strategies ignore them. Learn why CISOs must own NHI governance to prevent security breaches. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/the-critical-role-of-cisos-in-managing-iam-including-non-human-identities/
-
Datenleck durch GenAI-Nutzung
Tags: ai, chatgpt, ciso, compliance, data-breach, gartner, LLM, risk, strategy, tool, training, vulnerabilityViele Mitarbeiter teilen sensible Unternehmensdaten, wenn sie generative KI-Apps anwenden.Laut einem aktuellen Bericht über Gen-AI-Datenlecks von Harmonic enthielten 8,5 Prozent der Mitarbeiteranfragen an beliebte LLMs sensible Daten, was zu Sicherheits-, Compliance-, Datenschutz- und rechtlichen Bedenken führte.Der Security-Spezialist hat im vierten Quartal 2024 Zehntausende von Eingabeaufforderungen an ChatGPT, Copilot, Gemini, Claude und Perplexity analysiert. Dabei stellte…
-
Qualys führt Partner-Allianz für Managed Risk Operation Center (mROC) ein
mROC, powered by Qualys Enterprise TruRisk™ Management, beschleunigt die Umsatzmöglichkeiten für Partner, indem es CISOs hilft, Cyberrisiken als Geschäftsrisiken darzustellen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-fuehrt-partner-allianz-fuer-managed-risk-operation-center-mroc-ein/a39728/
-
Qualys startet Partner-Allianz für Managed Risk Operation Center (mROC)
mROC, powered by Qualys Enterprise TruRisk™ Management, beschleunigt die Umsatzmöglichkeiten für Partner, indem es CISOs hilft, Cyberrisiken als Geschäftsrisiken darzustellen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-fuehrt-partner-allianz-fuer-managed-risk-operation-center-mroc-ein/a39728/
-
CISOs: Stop trying to do the lawyer’s job
Tags: breach, business, ciso, compliance, cybersecurity, data, email, finance, group, guide, incident response, international, jobs, law, privacy, RedTeam, risk, risk-management, security-incident, service, skills, strategy, technology, training, updateThere’s a joke that’s been floating around boardrooms for years: “What’s the difference between lawyers and engineers? Lawyers don’t think they’re engineers.”This light-hearted jab highlights a fundamental difference between the two professions. Engineers, and by extension CISOs, focus on building and fixing things, learning a wide array of skills, sometimes sticking their hands into technologies…
-
Why 24/7 Security Monitoring Matters for Your Company
Gary Perkins, CISO at CISO Global Cyber threats don’t take evenings or weekends off, and neither should your security team. Companies need peace of mind knowing that dedicated professionals are continuously monitoring their infrastructure and data, ensuring both proactive prevention and rapid response to potential incidents. The Role of Expert Analysts in Securing Your Company……