Security News
"Every request to access a resource starts from a position of zero trust. Access decisions are then made and enforced based on a set of trust metrics selected by the organization. These trust metrics could relate to the user, their access device, the resource to be accessed, or a combination thereof." What other business justification could CISOs spell out? One of the benefits is micro-segmentation, which is both a cause and a pre-requisite of zero trust architectures - depending on the organization's starting point.
A joint report by the International Association of Privacy Professionals and Ernst & Young, published last year, revealed inconsistencies in how companies are implementing the DPO role, including whether the CISO also serves as DPO. When Is DPO Required? While some say it's appropriate for CISOs to serve as DPOs because the roles complement each other, others argue the DPO position should be separate.
Standard Insurance Company announced that Laxman Prakash has been promoted to assistant vice president and chief information security officer. Prakash joined The Standard in 2011 as director of Information Security and Business Continuity and focused on strengthening the company's information security organization.
As a venture capital investor who was previously a Chief Information Security Officer, I have noticed an interesting phenomenon: although cybersecurity makes the news often and is top of mind for consumers and business customers, it doesn't always get the attention it deserves by the board of directors. Even on a macro level, security concepts might be difficult to fully understand, so a short and dedicated security training for the board can come in handy.
How can you make a proactive business case for justifying expenses that advance your security program? I have a few suggestions based on my prior consulting experience and my recent work as a CISO at a cybersecurity firm. Security practitioners used to point to the need for defense-in-depth when explaining why the organization should fund yet another cybersecurity measure.
Trustmark Mutual Holding Company, a national employee benefits provider, has selected Britt Lindley as its new Chief Information Security Officer (CISO). Bradley Bodell, Chief Information Officer,...
If there is one work-related New Year's resolution I'd like CISOs to make as we enter 2020, it's to give the challenge of third-party cyber risk the attention it needs. If CISOs continue to focus cybersecurity tools and resources within the company perimeter, they are fighting the wrong battle in an increasingly multi-front cybersecurity war.
If your organization does software development in-house, there are a myriad of development workflows and processes to choose from. Some organizations still implement old-school waterfall development workflows; some are agile shops.
As Threats Continue to Evolve, So too Must DefensesThe cybersecurity outlook for 2020 and the new decade will be characterized by more advanced, targeted and coordinated attack vectors designed to...
TMF Group's Devender Kumar on Effectively Handling Vendor RiskIt's important to look into the inherent risks of engaging with vendors before getting into assessing individual companies, says...