Blog, CISO and Risk - Cyber Security Informer

Why Predator is the ultimate CISO movie

Javvad Malik

OCTOBER 29, 2020

The movie starts on the outskirts of a jungle and the CISO (Arnie) with his team land in their helicopters. This is a perfect metaphor for how a CISO operates in day to day situations. This is a reminder to all security pros that they need to continually keep their skills up to date or risk becoming a dinosaur. Well read on.

CISO

CISO InfoSec Banking Ransomware

5 Tips to be an awesome CISO

Javvad Malik

NOVEMBER 22, 2021

I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you. Risk Appetite. Make everything about risk appetite.

CISO

CISO Risk Firewall Cybersecurity

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

The Last Watchdog

MARCH 13, 2023

So how will this affect chief information security officers (CISOs) and security programs? Given the perennial skills and staffing shortage in security, it’s unlikely that CISOs will be asked to make deep budget or staffing cuts, yet they may not come out of this period unscathed. Related: Attack surface management takes center stage.

CISO

CISO Insurance Cybersecurity Risk

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

JANUARY 10, 2022

It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This de-risks personal data that does not fit in a separate security contour. Related: The dangers of normalizing encryption for government use. Encryption.

Risk

Risk Encryption Data privacy CISO

Navigating PAM Implementation Risks: A Comprehensive Guide for CISOs

Heimadal Security

SEPTEMBER 11, 2023

Chief Information Security Officers (CISOs) bear the responsibility of safeguarding their organizations against an ever-evolving array of cyber threats. However, implementing PAM solutions involves navigating multifaceted risks and intricacies that demand the unwavering attention of these senior security executives.

CISO

CISO Risk Cyber threats Information Security

Developing a Risk Management Approach to Cybersecurity

Security Boulevard

MARCH 30, 2021

By now most CISOs understand that focusing your cybersecurity program on regulatory compliance is no longer sufficient. The post Developing a Risk Management Approach to Cybersecurity appeared first on Hyperproof. The post Developing a Risk Management Approach to Cybersecurity appeared first on Security Boulevard.

Risk

Risk Cybersecurity CISO Government

Nine Top of Mind Issues for CISOs Going Into 2023

Cisco Security

JANUARY 10, 2023

As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. In my role, I regularly engage with CISOs in all kinds of sectors, representatives at industry bodies, and experts at analyst houses.

CISO

CISO Insurance Cyber Insurance Phishing

Cybersecurity Insights with Contrast CISO David Lindner | 10/28

Security Boulevard

OCTOBER 28, 2022

CVSS score does not directly relate to the risk to your organization. Please for everyone’s sake, including your developers, produce a better algorithm for managing risk in your organization. See my first insight from this week, find a better algorithm that fits your organization that mirrors your risk profile and tolerance.". .

CISO

CISO Cybersecurity Risk

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

The Last Watchdog

DECEMBER 16, 2021

After all, a malicious actor only needs a few minutes of time with a privileged account to take over the entire directory, and there are volumes of exploitable identity risks at every organization. The ascendency of CISOs. In 2022 we expect to see organizations increasingly moving identity management systems into the CISO organization.

CISO

CISO Ransomware Risk Authentication

My Top 5 Blogs of the Year

Javvad Malik

NOVEMBER 27, 2020

I saw Cygenta posted their top 5 blogs of the year on Twitter and thought that it was a wonderful idea to rip off / borrow / be inspired by. So, I proudly present, my top 5 read blogs during the course of 2020. From my blog that is. 5: Writing better risk statements Do you struggle to articulate security risks?

InfoSec

InfoSec CISO Risk

Is fighting cybercrime a losing battle for today’s CISO?

CyberSecurity Insiders

JANUARY 12, 2022

In this blog, we’ll look at the root causes of concern for today's CISO and share some practical strategies to deter cybercriminals. The CISO role can be an unenviable one. Is the cyber deck stacked against today's CISO? If you own the risks, who owns the elimination? ' is usually swift.

CISO

CISO Cybercrime Risk Healthcare

GUEST ESSAY: Why CISOs absolutely must take authentication secrets much more seriously

The Last Watchdog

MARCH 1, 2023

The linked white paper explains the three stages of this process: •Assessing secrets leakage risks •Establishing modern secrets management workflows •Creating a roadmap to improvement in fragile area This model emphasizes that secrets management is more than just how an organization stores and shares secrets.

Authentication

Authentication CISO Passwords Software

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

Smarter security to me broadly refers to relentlessly focusing on fundamentals while maturing the program, making sure your risk posture aligns with your business strategy. When it comes down to it, C-level goals and CISO initiatives are not all that misaligned. This leads to revenue gains and positive customer outcomes.

Risk

Risk Cybersecurity Technology CISO

New Office of the CISO Paper: Organizing Security for Digital Transformation

Anton on Security

SEPTEMBER 13, 2024

Ideally, we think this conversation should start with defining security goals framed in business outcomes like capabilities, velocity, quality, cost, and risk.”

Digital transformation

Digital transformation CISO Technology Cybersecurity

Valentine’s Day for CISOs: How to Woo Your CEO

Security Boulevard

FEBRUARY 14, 2022

CISO is a high-stakes position, and possibly the most important business relationship/direct report a CEO can have. At Axio, our platform enables companies to perform cyber risk quantification (CRQ), which analyzes the unique risks to.

CISO

CISO Cyber Risk Risk Cyber Attacks

Seven Ways DSPM Helps CISOs Buy Down Cyber Risk

Security Boulevard

APRIL 23, 2024

Have you heard someone indicate they buy down risk? In today’s digital economy, cyber risk is a top concern of everyone from the Board and CEO to the CFO and ultimately the CISO. The post Seven Ways DSPM Helps CISOs Buy Down Cyber Risk appeared first on Security Boulevard.

Cyber Risk

Cyber Risk CISO Risk Data breaches

GUEST ESSAY: The case for network defenders to focus on leading — not lagging — indicators

The Last Watchdog

JANUARY 17, 2022

Minimum adherence to security requirements policy, based on an application’s inherent risk profile, can lead to reduction in risk vulnerabilities. Accountability for software security often falls under the Chief Information Security Officer (CISO). Like other major changes, it’s important to set realistic expectations.

CISO

CISO Software B2B Marketing

How CISOs Can Impact Security for All

Cisco Security

APRIL 26, 2021

Insights from our new Advisory CISO, Helen Patton. If there’s anyone who’s been put through their paces in the security industry, it’s Helen Patton , our new Advisory Chief Information Security Officer (CISO). Helen has come to Cisco from The Ohio State University, where she served as CISO for approximately eight years.

CISO

CISO Education Technology Media

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

The Last Watchdog

FEBRUARY 14, 2022

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? recurring re-confirmations of initially assigned rights and roles in all connected systems by the employees’ manager – to reduce the risk of abuse and accidents.

CISO

CISO Social Engineering Authentication Risk

What is the CISO Experience in a Red Team Exercise?

NetSpi Executives

JANUARY 16, 2024

You’re about to have your first Red Team experience, or maybe your first one in the CISO seat of your organization. Besides the debrief meeting and handing you deliverables, what’s next for a CISO after a Red Team exercise? The post What is the CISO Experience in a Red Team Exercise? What Happens After a Red Team Exercise?

CISO

CISO Penetration Testing Social Engineering Engineering

Hello, I am CISO Helen. Nice To Meet You :-)

Duo's Security Blog

FEBRUARY 23, 2021

Hello, I am Helen Patton, and I am the newest Advisory CISO at Duo. While I was a CISO at Ohio State we partnered with Duo to implement MFA across our organization. Talk to a Higher Education CISO (note to security product engineers – if you ever want a testbed for your ideas, partner with a university). We don’t care.

CISO

CISO Education Banking Retail

News alert: Qualys unveils ‘Enterprise TruRisk Platform’ to help businesses eliminate cyber risks

The Last Watchdog

NOVEMBER 20, 2023

The Qualys Enterprise TruRisk Platform centers around helping customers holistically measure, effectively communicate, and proactively eliminate cyber risk, with a hyper focus on the impact of cyber risk on business risk.

Cyber Risk

Cyber Risk Risk CISO Insurance

What’s It Like for a New CISO?

Lenny Zeltser

FEBRUARY 13, 2020

As of this writing, I’ve spent six months in the role of Chief Information Security Officer (CISO) at Axonius , a rapidly growing technology company. I’ve shared some of my lessons learned with a group of CISOs at a recent Bessemer Venture Partners event (that’s the photo at the top of this post).

CISO

CISO Information Security Architecture Technology

Navigating the Supply Chain Security Maze with SBOMs

Appknox

OCTOBER 18, 2023

Dive into Appknox's SBOM blog guide. Essential for CISOs & CTOs to elevate supply chain security with unmatched transparency & proactive risk mitigation.

CISO

CISO Risk Software

GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors

The Last Watchdog

MARCH 4, 2024

Assess risks. Creating a solid cybersecurity foundation begins with understanding the organization’s risks. A recent study found only 27% of charities undertook risk assessments in 2023 and only 11% said they reviewed risks posed by suppliers. Keep software updated.

Social Engineering

Social Engineering Risk Cybersecurity Authentication

Okta’s Breach Highlights Risk of Putting Crown Jewels in the Cloud

Security Boulevard

MARCH 24, 2022

Identity credentials and source code are critical assets that can create major risks for your organization when exposed by breaches of third-party cloud service companies that provide identity management and software composition analysis. Know the risks of pushing your crown jewels into other services running in the cloud.

Risk

Risk Software Engineering Passwords

Cyber Risk Quantification: Three Key Use Cases

Security Boulevard

NOVEMBER 1, 2022

CISOs continue to face an uphill battle, and one of their biggest headaches is where to focus cyber investments. The post Cyber Risk Quantification: Three Key Use Cases appeared first on Axio. The post Cyber Risk Quantification: Three Key Use Cases appeared first on Axio.

Cyber Risk

Cyber Risk Risk Cyber Insurance Insurance

No Deep AI Security Secrets In This Post!

Anton on Security

MAY 24, 2023

talk to us :-) These are the episodes: EP52 Securing AI with DeepMind CISO EP68 How We Attack AI? What portion of AI-related “badness” (harm, risk, etc) fits within the cybersecurity domain? BTW, if you have anything fun to say about LLM security (easy!) and you actually know what you are talking about (hard!),

Artificial Intelligence

Artificial Intelligence CISO Risk Marketing

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

NOVEMBER 4, 2022

LinkedIn also said it is adding a warning to some LinkedIn messages that include high-risk content, or that try to entice the user into taking the conversation to another platform (like WeChat). “These warnings will also give you the choice to report the content without letting the sender know.” A follow-up story on Oct.

Scams

Scams Artificial Intelligence Cryptocurrency Accountability

Third-Party Security Risk: How to Protect and Respond

Duo's Security Blog

JUNE 15, 2023

Third party security risk is an issue that frequently comes up in my discussions with clients. Meanwhile, Prevalent noted that companies are currently big on exposure but small on preparation, with a staggering 45% still relying on manual spreadsheets to assess third party risk. Control the risk. How simple is the solution?

Risk

Risk Authentication Phishing Insurance

GUEST ESSAY: The role advanced ‘VM’ is ideally suited to play in combating modern cyber attacks

The Last Watchdog

APRIL 3, 2023

Related: Taking a risk-assessment approach to VM Unlike a typical cyber attack that exploits a software vulnerability, recent cyber attacks exploit other security risks, such as misconfigurations, security deviations, and posture anomalies. But VM vendors tend to focus more on software vulnerabilities and leave out everything else.

Cyber Attacks

Cyber Attacks Risk Software Technology

How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution)

Security Boulevard

JUNE 7, 2021

The post How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution) appeared first on Hyperproof. The post How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution) appeared first on Security Boulevard. SaaS vendors, cloud infrastructure, Read More.

Risk

Risk CISO Government Cybersecurity

People Skills Outweigh Technical Prowess in the Best Security Leaders

SecureWorld News

OCTOBER 5, 2023

Michael Gregg, the CISO for the State of North Dakota, speaks across the country, including keynoting at SecureWorld Detroit on Sep. A recent blog by Frank Domizio titled " The CISO Role: Beyond Technology " explores exactly what I am talking about. That's a soft skill that even the most adept CISOs are still trying to master.

CISO

CISO Risk Government Cybersecurity

Time is Not on Your Side: Why Every CISO needs a Cyber Risk Quantification Strategy before It’s Too Late

Security Boulevard

SEPTEMBER 23, 2021

Cyber Risk Quantification needs to be the strategy driving your cybersecurity roadmap and priorities starting now. Read article > The post Time is Not on Your Side: Why Every CISO needs a Cyber Risk Quantification Strategy before It’s Too Late appeared first on Axio.

Cyber Risk

Cyber Risk CISO Risk Ransomware

What is Third-Party Risk?

Security Boulevard

APRIL 5, 2021

As if managing your own risk profile isn’t challenging enough today, your organization must concern itself with how. The post What is Third-Party Risk? The post What is Third-Party Risk? appeared first on Hyperproof. appeared first on Security Boulevard.

Risk

Risk CISO Government Cybersecurity

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

29, roughly the same time Pyle published a blog post about his findings , ConnectWise issued an advisory warning users to be on guard against a new round email phishing attempts that mimic legitimate email alerts the company sends when it detects unusual activity on a customer account. ET: Included statement from ConnectWise CISO.

Phishing

Phishing Architecture Passwords Accountability

Moving From ‘the log dustbin’ to Effective Security Operations

Security Boulevard

MAY 25, 2022

Guest Blog Post by Bryan Littlefair, CEO Cambridge Cyber Advisers former Global CISO of Vodafone. The post Moving From ‘the log dustbin’ to Effective Security Operations appeared first on Gurucul. The post Moving From ‘the log dustbin’ to Effective Security Operations appeared first on Security Boulevard.

CISO

CISO Risk Government

Unmasking the Cracks of Today’s Cyber Defence

Jane Frankland

OCTOBER 31, 2023

Instead, they’ve become complacent in their defence practices and may be exposing themselves to increased risks without even realising it. Having surveyed over 500 CISOs and ITDMs responsible for cybersecurity on the challenges faced with SOCs, their insights are not to be missed.

CISO

CISO Threat Detection Cyber threats Cybercrime

Many Businesses Have GRC Software, Yet Most Still Struggle to Manage IT Risks Consistently

Security Boulevard

MARCH 1, 2021

Even if you haven’t used any Governance, Risk and Compliance (GRC) software yourself, you’re likely familiar with this. The post Many Businesses Have GRC Software, Yet Most Still Struggle to Manage IT Risks Consistently appeared first on Hyperproof.

Software

Software Risk Government CISO

Shifting from Business Continuity to Continuous Business in Cyber

Jane Frankland

OCTOBER 25, 2024

As ITDMs, CISOs and cyber risk owners this is our dream scenario, and he got me thinking. It’s a subtle shift in focus, and requires a fundamental change in how we, as ITDMs, CISOs and cyber risk owners view and action resilience—not as a one-time project, but as an ongoing programme that provides strategic advantage.

Cyber Risk

Cyber Risk CISO Cyber threats Risk

New Office of the CISO Paper: Organizing Security for Digital Transformation

Security Boulevard

SEPTEMBER 13, 2024

Ideally, we think this conversation should start with defining security goals framed in business outcomes like capabilities, velocity, quality, cost, and risk.” The post New Office of the CISO Paper: Organizing Security for Digital Transformation appeared first on Security Boulevard.

Digital transformation

Digital transformation CISO Technology Cybersecurity

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. Cybersecurity and Infrastructure Security Agency (CISA) has started a campaign to increase awareness of these risks to U.S. businesses called #ShieldsUp.

Cybersecurity

Cybersecurity Cybercrime Education Passwords

How to build a security-first culture with remote teams

Security Boulevard

JULY 20, 2021

Sixty-one percent of CISOs are more concerned about security risks targeting employees than they were pre-COVID [IDG], and much of […]. The post How to build a security-first culture with remote teams appeared first on Blog.

CISO

CISO Risk

Cyber Insurance Reduces Risk: Five Ways to Lower Your Rates

Security Boulevard

APRIL 4, 2024

Suddenly, panic mode kicks in, and you’re transported back to those school days, facing an exam that seemed more daunting than Mount Everest. […] The post Cyber Insurance Reduces Risk: Five Ways to Lower Your Rates appeared first on CISO Global.

Cyber Insurance

Cyber Insurance Insurance Risk CISO

Why Predator is the ultimate CISO movie

5 Tips to be an awesome CISO

Trending Sources

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

Navigating PAM Implementation Risks: A Comprehensive Guide for CISOs

Developing a Risk Management Approach to Cybersecurity

Nine Top of Mind Issues for CISOs Going Into 2023

Cybersecurity Insights with Contrast CISO David Lindner | 10/28

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

My Top 5 Blogs of the Year

Is fighting cybercrime a losing battle for today’s CISO?

GUEST ESSAY: Why CISOs absolutely must take authentication secrets much more seriously

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

New Office of the CISO Paper: Organizing Security for Digital Transformation

Valentine’s Day for CISOs: How to Woo Your CEO

Seven Ways DSPM Helps CISOs Buy Down Cyber Risk

GUEST ESSAY: The case for network defenders to focus on leading — not lagging — indicators

How CISOs Can Impact Security for All

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

What is the CISO Experience in a Red Team Exercise?

Hello, I am CISO Helen. Nice To Meet You :-)

News alert: Qualys unveils ‘Enterprise TruRisk Platform’ to help businesses eliminate cyber risks

What’s It Like for a New CISO?

Navigating the Supply Chain Security Maze with SBOMs

GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors

Okta’s Breach Highlights Risk of Putting Crown Jewels in the Cloud

Cyber Risk Quantification: Three Key Use Cases

No Deep AI Security Secrets In This Post!

LinkedIn Adds Verified Emails, Profile Creation Dates

Third-Party Security Risk: How to Protect and Respond

GUEST ESSAY: The role advanced ‘VM’ is ideally suited to play in combating modern cyber attacks

How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution)

People Skills Outweigh Technical Prowess in the Best Security Leaders

Time is Not on Your Side: Why Every CISO needs a Cyber Risk Quantification Strategy before It’s Too Late

What is Third-Party Risk?

ConnectWise Quietly Patches Flaw That Helps Phishers

Moving From ‘the log dustbin’ to Effective Security Operations

Unmasking the Cracks of Today’s Cyber Defence

Many Businesses Have GRC Software, Yet Most Still Struggle to Manage IT Risks Consistently

Shifting from Business Continuity to Continuous Business in Cyber

New Office of the CISO Paper: Organizing Security for Digital Transformation

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

How to build a security-first culture with remote teams

Cyber Insurance Reduces Risk: Five Ways to Lower Your Rates

Stay Connected