Tag: ciso
-
Unmanaged Devices: The Overlooked Threat CISOs Must Confront
No matter the strategy, companies must approach securing unmanaged devices with sensitivity and respect for employee privacy. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/unmanaged-devices-overlooked-threat-cisos-must-confront
-
How to create an effective incident response plan
Tags: access, advisory, attack, backup, breach, business, ceo, ciso, communications, corporate, cyber, cybersecurity, email, endpoint, exploit, finance, governance, guide, incident, incident response, insurance, law, lessons-learned, malicious, monitoring, network, office, phone, ransomware, risk, security-incident, service, strategy, supply-chain, technology, threat, update
Establish a comprehensive post-incident communications strategy: Another key element that can make or break an incident response strategy is communications. Without clear communications among the major stakeholders of the business, a company might experience much longer downtimes or the loss of vital processes for extended periods. “How are you going to go about communicating? With whom?…
-
“CIO des Jahres 2025” competition launches
Last year's winners celebrate their CIO des Jahres awards. Take part and apply, and you may find yourself on the big gala stage in October 2025, enjoying Germany's most prestigious IT award. cio.de / Tobias Tschepe
It's that time again: Germany's most prestigious IT award is ready to go. Until…
-
The CISO’s dilemma of protecting the enterprise while driving innovation
CISOs are constantly navigating the challenge of protecting their organizations while ensuring business agility and innovation. For example, as companies move workloads to the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/25/ciso-protecting-enterprise-driving-innovation/
-
Strategic? Functional? Tactical? Which type of CISO are you?
Tags: breach, business, ceo, cisco, ciso, cloud, compliance, cybersecurity, finance, governance, group, guide, healthcare, infrastructure, jobs, risk, service, skills, startup, strategy, technology, training
Transformational, as in program-builders or turnaround agents. Operational, often early-career CISOs who are closer to the technology and work at small-to-midsize companies where they still perform some technical duties. Compliance, that is, risk experts typically found in highly regulated industries. Steady-state CISOs, who, in opposition to the transformational type, keep everything on an even keel. Customer-facing CISOs, usually found…
-
How CISOs can sharpen their board pitch for IAM buy-in
Tags: access, automation, breach, business, ciso, cloud, compliance, control, cybersecurity, data, finance, guide, iam, identity, metric, risk, security-incident, strategy, supply-chain
the top focus area going into 2025. However, communicating IAM’s value to the board remains a challenge: it isn’t enough for these security leaders to craft effective IAM strategies; they must also secure their board’s support. CISOs know that executive buy-in is critical for obtaining the necessary funding and setting the right tone from the top. The…
-
What is SIEM? Improving security posture through event log data
Tags: access, ai, api, automation, ciso, cloud, compliance, data, defense, detection, edr, endpoint, firewall, fortinet, gartner, google, guide, ibm, infrastructure, intelligence, kubernetes, LLM, microsoft, mitigation, mobile, monitoring, network, openai, regulation, risk, router, security-incident, service, siem, soar, soc, software, threat, tool
At its core, a SIEM is designed to parse and analyze various log files, including firewalls, servers, routers and so forth. This means that SIEMs can become the central “nerve center” of a security operations center, driving other monitoring functions to resolve the various daily alerts. Added to this data are various threat intelligence feeds that…
-
Katie Arrington Returns to Pentagon as DoD CISO
New Pentagon CISO Appointed as Pentagon Budget Cuts Loom. The White House appointed a Trump ally and former Department of Defense cybersecurity official as DOD CISO, an unexpected return to the Pentagon for an official previously removed under a cloud of security concerns. Arrington returns to the Pentagon just as it faces budget cuts. First…
-
Trump’s DoD CISO pick previously faced security clearance suspension
Tags: ciso
Hey, at least Katie Arrington brings a solid resume First seen on theregister.com Jump to article: www.theregister.com/2025/02/19/trumps_pentagon_ciso_pick_was/
-
Energy CISO: Agencies can’t implement zero trust alone
Federal IT and cybersecurity officials said companies who sell zero trust technologies to the government must do more to make them interoperable. First seen on cyberscoop.com Jump to article: cyberscoop.com/zero-trust-federal-government-vendors-interoperable/
-
CISO success story: Predicting cyber risk (accurately) is easier with this guy’s formula
This article was written by Danny Bradbury and originally appeared in Focal Point magazine. First seen on csoonline.com Jump to article: www.csoonline.com/article/3828287/ciso-success-story-predicting-cyber-risk-accurately-is-easier-with-this-guys-formula.html
-
From Defense to Offense: Inside-Out Data Security Strategies for CISOs in 2025
Challenging the status quo and advocating for “inside-out” security, placing data at the heart of the strategy from the very beginning, rather than securing it last. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/from-defense-to-offense-inside-out-data-security-strategies-for-cisos-in-2025/
-
CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard
Tags: ciso
SecurityWeek speaks with Kevin Winter, Global CISO at Deloitte, and Richard Marcus, CISO at AuditBoard. The post CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ciso-conversations-kevin-winter-at-deloitte-and-richard-marcus-at-auditboard/
-
How to prevent AI-based data incidents
AI lowers the barriers for attackers: AI has made the days when attackers had to “hack” systems and slowly and carefully scout out the environment a thing of the past. Now they can simply ask an AI assistant for sensitive information or access data to move laterally within the environment. The biggest challenges for cybersecurity posed…
-
Think being CISO of a cybersecurity vendor is easy? Think again
Tags: access, business, ciso, compliance, control, cybersecurity, framework, infrastructure, phishing, strategy, tool, update
and that our product was securing us gave me a perspective I might never have gained elsewhere. I wasn’t just testing controls or rolling out new tools; I was immersed in a feedback loop between our product team, our security operations, and our customers. Every time we identified ways to improve the product internally, those insights…
-
How CISOs can rebuild trust after a security incident
Tags: attack, breach, business, cisco, ciso, cloud, communications, cybersecurity, data, firewall, group, incident response, jobs, linux, mobile, monitoring, risk, security-incident, service, software, strategy, vulnerability
Maintaining sensitivity in accountability: Cisco’s Lidz emphasizes that transparency does not end at incident resolution. “Being transparent, internally in particular, by making sure stakeholders understand you and your team have learned from the incident, that there are things you would do better not just in terms of protections, but how you respond and react to incidents”…
-
New family of data-stealing malware leverages Microsoft Outlook
certutil application which handles certificates, to download files. Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
-
CISO’s Expert Guide To CTEM And Why It Matters
Cyber threats evolve: has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM’s comprehensive approach is the best overall strategy for shoring up a business’s cyber defenses in the…
-
How to evaluate and mitigate risks to the global supply chain
Tags: access, business, ceo, ciso, communications, compliance, control, cyberattack, cybersecurity, data, framework, governance, government, intelligence, international, ISO-27001, kaspersky, microsoft, mitigation, monitoring, office, resilience, risk, risk-assessment, risk-management, russia, service, soc, software, supply-chain, technology, threat, tool, update, vulnerability
Maintain a diversified supply chain: Organizations that source from international technology suppliers need to ensure they are not overly reliant on a single vendor, single region or even a single technology. Maintaining a diversified supply chain can mitigate costly disruptions from a cyberattack or vulnerability involving a key supplier, or from disruptions tied to regulatory…
-
How CISOs can balance security and business agility in the cloud
In this Help Net Security interview, Natalia Belaya, CISO at Cloudera, discusses common misconceptions about cloud security, the balance between protection and business … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/17/natalia-belaya-cloudera-enterprise-cloud-security/
-
CISOs struggling to balance security, business objectives
Only 14% of security leaders can ‘effectively secure organisational data assets while also enabling the use of data to achieve business objectives’, according to Gartner First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619373/Gartner-CISOs-struggling-to-balance-security-business-objectives
-
CISO success story: How LA County trains (and retrains) workers to fight phishing
Tags: ai, awareness, breach, business, chatgpt, cio, ciso, cloud, compliance, computing, control, corporate, cybersecurity, data, dos, election, email, endpoint, government, hacker, healthcare, incident response, jobs, law, lessons-learned, malicious, marketplace, network, phishing, privacy, regulation, risk, risk-management, service, software, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability
(The following interview has been edited for clarity and length.)
At first glance, LA County’s reporting structure (who reports to whom) seems, well, fairly complex.
We have a federated model: I report to the county CIO. Each department acts as an independent business and has its own department CIO and information security officer. Their job is to…
-
AI, quantum computing & new laws – the 5 most important CISO trends for 2025
First seen on security-insider.de Jump to article: www.security-insider.de/-trends-fuer-cisos-2025-ki-quantencomputing-a-08dc3df53f2eb82690aae1b15a5ea2f1/
-
What is anomaly detection? Behavior-based analysis for cyber threats
a priori the bad thing that you’re looking for,” Bruce Potter, CEO and founder of Turngate, tells CSO. “It’ll just show up because it doesn’t look like anything else or doesn’t look like it’s supposed to. People have been tilting at that windmill for a long time, since the 1980s, trying to figure out what…
-
The best IAM tools
Tags: access, ai, api, authentication, automation, business, ciso, cloud, compliance, endpoint, gartner, governance, iam, identity, infrastructure, login, mfa, microsoft, okta, password, risk, saas, service, tool, windows, zero-trust
Identity & Access Management is a must for security-conscious companies in the zero-trust era. These are the best IAM vendors and tools. Identity becomes the new perimeter: Companies are relying less and less on traditional perimeter defense and are pushing the move to zero-trust environments. Secure access and identity management form the foundation of every cybersecurity strategy. At the same time, the way in which…
-
CISOs maneuver between data protection and business support
It is not that easy to find the right balance between data protection and business support. Very few leaders in security and risk management (SRM) strike an even balance between data protection and business support. That is the finding of a Gartner survey. According to it, 35 percent of respondents prioritize the protection of data assets, while a good one in five (21 percent) put their focus…
-
How to Steer AI Adoption: A CISO Guide
CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren’t many resources to guide them on what their role should look like or what they should bring to these meetings. We’ve pulled together a framework for security leaders to help push AI teams and committees…
-
CISOs Brace for LLM-Powered Attacks: Key Strategies to Stay Ahead
For chief information security officers (CISOs), understanding and mitigating the security risks associated with LLMs is paramount. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/cisos-brace-for-llm-powered-attacks-key-strategies-to-stay-ahead/
-
One in five CISOs covers up compliance problems
Sweeping compliance failures under the rug should feel wrong to CISOs. CISOs increasingly find themselves in a bind when it comes to striking a healthy balance between loyalty to their organization and their legal responsibilities. At least that is what a recent study by security vendor Splunk suggests, for which 600 CISOs worldwide were surveyed. According to the study:…

