Security News

He has been at Infosys for four years as the chief information security officer. The future is going to be about cyber resilience, and CISOs need to lead the charge to recalibrate how security teams and entire companies think about security.

What role can technology now play in improving insider threat detection and response? Three CISOs share their insights. Joining ISMG's Tom Field to discuss insider threat are: Dawn Cappelli, vice president of global security and CISO of Rockwell Automation; Sujeet Bambawale, CISO of 7-Eleven; Solomon Adote, chief security officer of the state of Delaware; and Tony Pepper, CEO and co-founder of Egress Software Technologies.

The speed and complexity of software development is rapidly increasing. Development teams have little to no time to ensure these applications are secure, even while the biggest and most severe data breaches that have affected both the public and private sectors all operate at the application layer.

Reducing security complexity remains one of the toughest challenges facing CISOs, driven by the non-stop increase in threats, says Jeff Reed of Cisco. While many organizations are reducing the number of tools they use, creating a sustainable solution to the complexity problem also requires vendors to ensure their tools are increasingly interoperable and facilitate improved visibility as well as automation, he says.

Security leaders need to connect their work to broader business goals and create a culture of learning to attract talent. Chief information security officers need to focus on communication, collaboration and culture in 2020 to improve cybersecurity and boost the profile of the security team as well.

Security leaders can no longer adopt the role of enforcer, but rather need to pivot to a new role: the enabler. Security leaders must now be able to transform their security practices in lockstep with all the other changes wrought by business-wide digital transformation.

Veeam Software, the leader in Backup solutions that deliver Cloud Data Management, announced that Gil Vega has been appointed Chief Information Security Officer. Vega, whose previous experience includes serving as Managing Director and CISO at CME Group and as the Associate Chief Information Officer & CISO for the U.S. Department of Energy and U.S. Immigration & Customs Enforcement in Washington, DC, will be responsible for establishing and maintaining Veeam's vision and strategy to ensure its information assets and solutions are adequately protected, and will be pivotal in driving strategies to help customers protect their critical data across multiple environments and ensure regulatory compliance.

"Every request to access a resource starts from a position of zero trust. Access decisions are then made and enforced based on a set of trust metrics selected by the organization. These trust metrics could relate to the user, their access device, the resource to be accessed, or a combination thereof." What other business justification could CISOs spell out? One of the benefits is micro-segmentation, which is both a cause and a pre-requisite of zero trust architectures - depending on the organization's starting point.

A joint report by the International Association of Privacy Professionals and Ernst & Young, published last year, revealed inconsistencies in how companies are implementing the DPO role, including whether the CISO also serves as DPO. When Is DPO Required? While some say it's appropriate for CISOs to serve as DPOs because the roles complement each other, others argue the DPO position should be separate.

Standard Insurance Company announced that Laxman Prakash has been promoted to assistant vice president and chief information security officer. Prakash joined The Standard in 2011 as director of Information Security and Business Continuity and focused on strengthening the company's information security organization.