You may be naturally inclined to conceal risks from the prying eyes of concerned leadership that may reflect poorly on you or your team, but you must resist the temptation.
If you don’t communicate cyber security matters – including organizational failures – to the people who run the business, you harm the organization.
CISO Perspectives
CISO Blogs
The Risk of Banking
Mobile devices and applications have drastically reshaped the way we do business. More change is on the horizon as voice recognition, virtual and augmented reality, and artificial intelligence create new customer interfaces and business platforms. But is new technology driving the increased sense of risk?
Effective Board Communication for CISOs
If you’re a CISO, your Board generally knows who you are and what you do. But do you know who they are? No Board is monolithic. Each Board member brings unique value to the Board. Each is selected for what they add to the Board’s perspective, vision, and decisions. If you know your Board, you can tailor your message to your audience and avoid some potential surprises.
Data Classification – What It Is, Types & Best Practices
Data classification can help secure your data for compliance and company policy. But where should you even begin in the classification process?
To start, let’s go through the main data classification types.
Cyber Ops Must Evolve Towards Fusion Centres. Here is Why.
Since the advent of space exploration in the 1960s, every child understands that the success of the space mission is dependent not only on the astronauts, but also on the engineers in the mission operation center. All complex missions or operations are high risk and subject to failure. These failures are also hard to predict. Operations centers therefore play an important role in responding to failures in real-time to reduce their impact on the mission.
End of Life Software: Risks, Dangers & What to Do Next
Understanding what to do when you have EOL software becomes crucial to the security of your organization. So, what happens when your system reaches EOL?
When software reaches EOL, it means that program will no longer be supported by the developer and there will be no more updates. Without updates and bug fixes, this software becomes vulnerable to hackers and cyber criminals.
CISO Interviews
Only the Human Firewall Stands Between Hackers and Your Data
It’s no secret that employees – whether they’re your employees or a partner’s – are the weakest link in your cybersecurity program. Regardless of an organization’s product, service, size, or industry, employees play an integral role in ensuring the business operates efficiently. Unfortunately, employees also play an integral role in exposing the organization’s intellectual property to unauthorized parties.
Here’s How New CISOs Set a Course for Success
When a CISO starts a new job, she naturally wants to build a cybersecurity program of which she and her employer can be proud. But her success depends largely on the resources she has, including people, tools, and processes.
Jimmy Xu Answers Your DevSecOps Questions
Jimmy Xu, Director of DevSecOps & Cloud Security at Trace3, recently presented “Mastering DevSecOps.” Jimmy’s presentation generated lots of great questions, which he graciously answered below. If you missed his presentation or would like to watch it again, you can view it below.
Why Hackers Can’t Wait for School to Start
Schools will struggle with more than COVID-19 as kids return this Fall – whether virtually, on campus, or a combination of the two. Colleges and universities contain lots of sensitive data that hackers cherish. Unless schools protect this PII, PHI, and IP, hackers will use it for social engineering, financial fraud, or a competitive advantage.
It’s the Service Providers You Value the Most That Hurt You the Worst
No man is an island. The same can be said about your business. Your organization relies on countless people for its survival, let alone its success. Ironically, many of these contributors work for someone else. Suppliers, vendors, consultants, contractors, and other service providers deliver tremendous value to organizations. Unfortunately, these service providers also pose significant risk.
Want to Close the Skills Gap? Here’s How.
The only constant in life is change. Sometimes change comes from an existential crisis. Need proof? Ask a CISO. The cybersecurity function traditionally solved technology problems with technology solutions. Cybersecurity experts learned however that technology is only part of the equation. Businesses do not function without people.
CISO Panels
CMMC Is a Good First Step To Guard CUI, but Don’t Stop There
Cyber-crime complaints increased 69% from 2019, according to the FBI’s 2020 Internet Crime Report. It’s no surprise therefore that industries are now setting higher standards and requirements, especially in the government sector where a breach could have catastrophic consequences. The Cybersecurity Maturity Model Certification, or CMMC, is a unified standard designed to enhance the protection of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). CMMC measures an organization’s ability to protect FCI and CUI and applies to over 300,000 DoD contractors. Requiring CMMC certification is a good first step for setting a security standard, but there is still a lot more organizations can do to protect classified information.
All CISOs Must Do THIS Before Returning to the Office
As more working adults receive vaccinations, it’s time for CISOs to create their post-pandemic plans. These plans must address employee concerns about returning to the office, protocols for employees who wish to continue to work remotely, and whether or not the organization will employ out-of-state talent. CISOs must consider these and other important questions as business leaders start to look ahead.
4 Steps To Make You a Better Leader
Being an effective leader is difficult during ordinary times, let alone during a global pandemic. Covid completely changed our lives, including the way we work. The best leaders adjusted quickly. CISOs, no strangers to adaption, led this change in many companies. The pandemic’s effects will be felt long after the last person is vaccinated. Business and security leaders therefore must continue to evolve in how they lead and defend their organizations against cyberattacks. Secure remote technologies, beef up security education and awareness for employees, and even mix up daily board briefs. These and other examples keep businesses nimble and responsive. They also keep employees alert and engaged.
Zero Trust Too Daunting? These CISOs Offer an Alternative
The shift to remote work forced organizations to accelerate their digital transformation initiatives, creating significant security risks. While a zero-trust model may mitigate work from home risks, it may not be realistic for smaller organizations. However, there are several steps CISOs can take to improve their security profile as part of a broader digital transformation.
The 9-to-5 Workday is Dead. Here’s What CISOs Must Do
The pandemic has eradicated the traditional 9-to-5 workday. Employees are juggling kids, pets, and family during the day on top of their daily work responsibilities. Some employees handle it better than others. The younger workforce, in fact, has not only adapted to this new work environment, they’ve thrived in it. CISOs and other leadership members must accept this new work environment, including flexible work hours, and trust the work will get done. Delegate tasks and give a hard deadline, then trust the work will be completed on time. Adopt a trust-but-verify approach and check in if needed, but otherwise refrain from micromanaging.
The Surprising Truth About Zero Trust During COVID
The concept of a zero trust architecture is fantastic, in theory. How realistic is it in a post-pandemic world? Businesses rushed to implement cloud applications at the start of the pandemic. Employees accessed those applications from shared home networks using myriad devices. Verifying a user’s identity in this current environment therefore seems challenging at best. Can an organization realistically adopt a true zero trust model, or is a ‘Trust-But-Verify’ approach more attainable?
CISO Street recently moderated a virtual CISO panel and asked panelists about their perspectives on current cyber trends and challenges. In this video, Richard Rushing, CISO for Motorola Mobility, and Jeff Lush, CIO for Air University at U.S. Air Force, share their thoughts on zero trust during the pandemic.