Security News
Identity in a remote world has taken on added importance for cybersecurity leaders speaking in a webinar on the state of security and the evolving role of CISOs at VMworld 2020. "As security leaders, we have to make sure we don't make it a guessing game for employees, and they don't feel they have to be security experts." Sanders said his security team is building architecture and tools so that employees only need to think about whether they are doing their job.
Twitter's search for a new chief information security officer has come to an end. According to her LinkedIn profile, Sethi previously held management positions at eBay, Intuit, Palo Alto Networks, IBM and Rubrik.
A roundtable discussion among Cisco chief information security officer advisers Wendy Nather, Richard Archdeacon, and J. Wolfgang Goerlich outlined how the enterprise cybersecurity world is changing, and what CISOs need to do to ensure the "new normal" is a secure one. Archdeacon said that users have to be made the front line of security in this situation, which means implementing security systems that don't rely on enterprise security products connecting directly to remote users' PCs. Multifactor authentication, DNS security, VPNs, and other familiar security products that put the security onus on users will be necessary for now.
Only 12% of CISOs excel in all four categories of the Gartner CISO Effectiveness Index. The measure of CISO effectiveness is determined by a CISO's ability to execute against a set of outcomes in the four categories of functional leadership, information security service delivery, scaled governance and enterprise responsiveness.
Attacked by ransomware? Five steps to recovery
While there is a lot of discussion about preventing ransomware from affecting your business, the best practices for recovering from an attack are a little harder to pin down.
Justifying your 2021 cybersecurity budget
Sitting in the midst of an unstable economy, a continued public health emergency, and facing an uptick in successful cyber attacks, CISOs find themselves needing to enhance their cybersecurity posture while remaining within increasingly scrutinized budgets.
Gartner defines "Effective CISOs" as those who scored in the top one-third of the CISO effectiveness measure. "As the push to digital deepens, CISOs are responsible for supporting a rapidly evolving set of information risk decisions, while also facing greater oversight from regulators, executive teams and boards of directors. These challenges are further compounded by the pressure that COVID-19 has put on the information security function to be more agile and flexible."
CISOs are tasked with preparing for more than three audits on average in the next 6-12 months, but struggle with inadequate tools, limited budgets and personnel, and inefficient manual processes. "This survey clearly shows that CISOs at major companies are caught between a rock and a hard place when it comes to security and compliance audits over the second half of 2020 and want automated tools to help dig them out. Unfortunately, they're simply not able to find them," said Scott Schwan, Shujinko CEO. "Teams are cobbling together scripts, shared spreadsheets, ticketing systems and a hodgepodge of other applications to try to manage, resulting in inefficiency, lengthy preparation and limited visibility. More than two-thirds of CISOs are looking for something better."
Calendars for security and compliance audits are largely unchanged despite COVID-19, but the pandemic is straining security teams as they work remotely, according to the findings of a recent survey by automated audit prep provider Shujinko. The survey of North American CISOs documented the challenges facing security and compliance professionals preparing for a wave of upcoming audits and was conducted by Pulse in late June 2020.
Today more than ever, CISOs can use their influence to do more than just drive technological change by piercing the silos across the enterprise. In order to validate cyber investment with a cyber budget holder, one must first understand cyber event types the organization may face and the range of business assets and operations in question.