Related: Weaponizing Microsoft’s co-pilot Until now, lackluster enterprise search capabilities kept many security risks in check; employees simply couldn't find much of the data they were authorized to access. I've spoken with numerous CIOs and CISOs who say these issues are directly impacting rollout plans at major enterprises.
The movie starts on the outskirts of a jungle and the CISO (Arnie) with his team land in their helicopters. This is a perfect metaphor for how a CISO operates in day to day situations. This is a reminder to all security pros that they need to continually keep their skills up to date or risk becoming a dinosaur. Well read on.
I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you. Risk Appetite. Make everything about risk appetite.
So how will this affect chief information security officers (CISOs) and security programs? Given the perennial skills and staffing shortage in security, it’s unlikely that CISOs will be asked to make deep budget or staffing cuts, yet they may not come out of this period unscathed. Related: Attack surface management takes center stage.
Chief Information Security Officers (CISOs) bear the responsibility of safeguarding their organizations against an ever-evolving array of cyber threats. However, implementing PAM solutions involves navigating multifaceted risks and intricacies that demand the unwavering attention of these senior security executives.
As ITDMs, CISOs and cyber risk owners this is our dream scenario, and he got me thinking. It’s a subtle shift in focus, and requires a fundamental change in how we, as ITDMs, CISOs and cyber risk owners view and action resilience—not as a one-time project, but as an ongoing programme that provides strategic advantage.
It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This de-risks personal data that does not fit in a separate security contour. Related: The dangers of normalizing encryption for government use. Encryption.
As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. In my role, I regularly engage with CISOs in all kinds of sectors, representatives at industry bodies, and experts at analyst houses.
But as a CISO or cyber risk owner, it’s not just about locking down sensitive information, it's about doing it without slowing down your people. This is where the real opportunity lies, and what I'm exploring in this blog. For CISOs and cyber risk owners, this isn't just a risk, it's a gamble no one can afford to take.
By now most CISOs understand that focusing your cybersecurity program on regulatory compliance is no longer sufficient. The post Developing a Risk Management Approach to Cybersecurity appeared first on Hyperproof. The post Developing a Risk Management Approach to Cybersecurity appeared first on Security Boulevard.
In this post, we look at the enforcement actions the SEC has taken and what public company CISOs should do to stay in compliance. As part of their fiduciary duties, boards play a key role in the oversight of risks from cybersecurity threats. This pushed C-level executives and boards to adopt measures for compliance and transparency.
Insights from our new Advisory CISO, Helen Patton. If there’s anyone who’s been put through their paces in the security industry, it’s Helen Patton, our new Advisory Chief Information Security Officer (CISO). Helen has come to Cisco from The Ohio State University, where she served as CISO for approximately eight years.
CVSS score does not directly relate to the risk to your organization. Please for everyone’s sake, including your developers, produce a better algorithm for managing risk in your organization. See my first insight from this week, find a better algorithm that fits your organization that mirrors your risk profile and tolerance.
Hello, I am Helen Patton, and I am the newest Advisory CISO at Duo. While I was a CISO at Ohio State we partnered with Duo to implement MFA across our organization. Talk to a Higher Education CISO (note to security product engineers – if you ever want a testbed for your ideas, partner with a university). We don’t care.
After all, a malicious actor only needs a few minutes of time with a privileged account to take over the entire directory, and there are volumes of exploitable identity risks at every organization. The ascendency of CISOs. In 2022 we expect to see organizations increasingly moving identity management systems into the CISO organization.
I saw Cygenta posted their top 5 blogs of the year on Twitter and thought that it was a wonderful idea to rip off / borrow / be inspired by. So, I proudly present, my top 5 read blogs during the course of 2020. From my blog that is. 5: Writing better risk statements Do you struggle to articulate security risks?
In this blog, we’ll look at the root causes of concern for today's CISO and share some practical strategies to deter cybercriminals. The CISO role can be an unenviable one. Is the cyber deck stacked against today's CISO? If you own the risks, who owns the elimination? ' is usually swift.
The linked white paper explains the three stages of this process:
• Assessing secrets leakage risks
• Establishing modern secrets management workflows
• Creating a roadmap to improvement in fragile area
This model emphasizes that secrets management is more than just how an organization stores and shares secrets.
Smarter security to me broadly refers to relentlessly focusing on fundamentals while maturing the program, making sure your risk posture aligns with your business strategy. When it comes down to it, C-level goals and CISO initiatives are not all that misaligned. This leads to revenue gains and positive customer outcomes.
Ideally, we think this conversation should start with defining security goals framed in business outcomes like capabilities, velocity, quality, cost, and risk.”
CISO is a high-stakes position, and possibly the most important business relationship/direct report a CEO can have. At Axio, our platform enables companies to perform cyber risk quantification (CRQ), which analyzes the unique risks to.
In addition to publishing blogs and papers, our Cloud Security Podcast by Google episodes have featured experts discussing AI's impact on security, offering practical implementation advice, and addressing emerging challenges. A recap of our key blogs, papers and podcasts on AI security in 2024 follows.
Have you heard someone indicate they buy down risk? In today’s digital economy, cyber risk is a top concern of everyone from the Board and CEO to the CFO and ultimately the CISO. The post Seven Ways DSPM Helps CISOs Buy Down Cyber Risk appeared first on Security Boulevard.
As the year 2025 rushes forward, the responsibilities of CISOs are continuing to evolve. We increasingly recognize the importance of not just identifying risks but actively addressing them through direct action and influence. The year will continue to shape the CISO role into an exciting combination of leadership and tech expertise.
Third party security risk is an issue that frequently comes up in my discussions with clients. Meanwhile, Prevalent noted that companies are currently big on exposure but small on preparation, with a staggering 45% still relying on manual spreadsheets to assess third party risk. Control the risk. How simple is the solution?
Minimum adherence to security requirements policy, based on an application’s inherent risk profile, can lead to reduction in risk vulnerabilities. Accountability for software security often falls under the Chief Information Security Officer (CISO). Like other major changes, it’s important to set realistic expectations.
I went through some of them this week at the Cyber Security Virtual Conference: Celebrating Women in Cyber, and with PWC Canada when they engaged me to open their one day event – SheProtects: Future CISO Program. She sees risk everywhere, is accountable for it, and is mostly at odds with the business. Tip 2 – Believe you can do it.
Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management (IAM) and cyber security risks in 2022? recurring re-confirmations of initially assigned rights and roles in all connected systems by the employees’ manager – to reduce the risk of abuse and accidents.
The Qualys Enterprise TruRisk Platform centers around helping customers holistically measure, effectively communicate, and proactively eliminate cyber risk, with a hyper focus on the impact of cyber risk on business risk.
Dive into Appknox's SBOM blog guide. Essential for CISOs & CTOs to elevate supply chain security with unmatched transparency & proactive risk mitigation.
LinkedIn also said it is adding a warning to some LinkedIn messages that include high-risk content, or that try to entice the user into taking the conversation to another platform (like WeChat). “These warnings will also give you the choice to report the content without letting the sender know.” A follow-up story on Oct.
Identity credentials and source code are critical assets that can create major risks for your organization when exposed by breaches of third-party cloud service companies that provide identity management and software composition analysis. Know the risks of pushing your crown jewels into other services running in the cloud.
You’re about to have your first Red Team experience, or maybe your first one in the CISO seat of your organization. Besides the debrief meeting and handing you deliverables, what’s next for a CISO after a Red Team exercise? The post What is the CISO Experience in a Red Team Exercise? What Happens After a Red Team Exercise?
Former Military Intelligence Agents Turned Cybersecurity Experts at CISO Global In today's high-stakes digital landscape, hiring remotely requires diligence and vigilance. Risks and Strategies for Securing Remote Workers appeared first on CISO Global. Trust is important, but verifying that trust is non-negotiable.
29, roughly the same time Pyle published a blog post about his findings, ConnectWise issued an advisory warning users to be on guard against a new round of email phishing attempts that mimic legitimate email alerts the company sends when it detects unusual activity on a customer account. ET: Included statement from ConnectWise CISO.
CISOs continue to face an uphill battle, and one of their biggest headaches is where to focus cyber investments. The post Cyber Risk Quantification: Three Key Use Cases appeared first on Axio.
Michael Gregg, the CISO for the State of North Dakota, speaks across the country, including keynoting at SecureWorld Detroit on Sep. A recent blog by Frank Domizio titled "The CISO Role: Beyond Technology" explores exactly what I am talking about. That's a soft skill that even the most adept CISOs are still trying to master.
talk to us :-) These are the episodes: EP52 Securing AI with DeepMind CISO EP68 How We Attack AI? What portion of AI-related “badness” (harm, risk, etc) fits within the cybersecurity domain? BTW, if you have anything fun to say about LLM security (easy!) and you actually know what you are talking about (hard!),
When reporting to the board, a CISO must translate risk into identifiable terms to present key findings and ensure that all cybersecurity initiatives are aligned with business objectives. Cyber risk mitigation expenditures help translate risk into potential additional profit.
The post How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution) appeared first on Hyperproof. The post How to Relieve Vendor Risk Assessment Headaches (With a Vendor Risk Management Solution) appeared first on Security Boulevard. SaaS vendors, cloud infrastructure, Read More.
Cyber risk remains top of mind for business leaders A regular January fixture, the World Economic Forum's Global Risk Report 2025 features two technology-related threats among the top five risks for the year ahead and beyond. The report ranks risks by severity over two-year and 10-year timeframes.
Related: Taking a risk-assessment approach to VM Unlike a typical cyber attack that exploits a software vulnerability, recent cyber attacks exploit other security risks, such as misconfigurations, security deviations, and posture anomalies. But VM vendors tend to focus more on software vulnerabilities and leave out everything else.
Assess risks. Creating a solid cybersecurity foundation begins with understanding the organization’s risks. A recent study found only 27% of charities undertook risk assessments in 2023 and only 11% said they reviewed risks posed by suppliers. Keep software updated.
If I were starting over, I wouldn't spend years in school unless I had a very specific goal, like:
• Becoming a CISO or security executive (some companies still prefer degrees)
• Working in federal security or a government contractor role (many require one)
• Pivoting from a non-technical background (if I had zero IT/security knowledge)
Otherwise?