Security News
The Clorox Company's chief security officer has left her job in the wake of a corporate network breach that cost the manufacturer hundreds of millions of dollars. Amy Bogac held the title of chief information security officer and VP of enterprise security and infrastructure at Clorox since June 2021, per her LinkedIn profile.
There is a clear disconnect and even some distrust between CISOs and developers related to how security-conscious each department is within the organization, who is responsible for preventing and mitigating security issues, how well CISOs understand developers' day-to-day tools, and how well developers understand the risk associated with aspects of their job and the tools they use. Only 43% of developers believe that CISOs are "Very familiar" with how container images fit into their work, which is low when compared to other aspects of how developers perceive their security team to understand their work: open-source software libraries and projects, source code repositories and source code management systems, and software build tools.
Two groups in particular play a key and critical role in ensuring data governance and security: the CISO and the CDO. CISOs are responsible for identifying and managing risks associated with data security, while CDOs are responsible for ensuring data accuracy, quality, and consistency. Together, they can establish a framework for managing data risks and provide a clear understanding of data ownership and accountability - but they must be speaking the same language.
The Securities and Exchange Commission brought charges against both Austin, TX-based information security software company SolarWinds and its CISO Timothy G. Brown on October 30. The SEC alleges that between SolarWinds' October 2018 initial public offering and the December 2020 announcement of the large-scale cyberattack, SolarWinds and Brown specifically " defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.
The Securities and Exchange Commission announced charges against SolarWinds and its CISO, Timothy G. Brown, for fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities. The complaint alleges that, from at least its October 2018 initial public offering through at least its December 2020 announcement that it was the target of a massive, nearly two-year long cyberattack, dubbed SUNBURST, SolarWinds and Brown defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.
TechRepublic Premium Hiring Kit: Cloud Engineer Regardless of what business or what industry you are in, the potential benefits of cloud computing and cloud computing services are self-evident. With so many businesses flooding .... TechRepublic Premium Hiring Kit: Data Architect To make their best decisions, businesses need the best actionable information.
Many CISOs are grappling with the conundrum of the purpose and value of security controls data in supporting critical business decisions, according to Panaseer. Only 36% of security leaders are totally confident in their security data and use it for all strategic decision making.
Joe Sullivan, Uber's CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company's data security and privacy practices.
The complexity and change experienced by organisations as they grow is one reason we are seeing similar cyber security risks to a decade ago, says Rapid7's CISO Jaya Baloo. Speaking on ethics in information security at the 2023 Australian Cyber Conference, Baloo said the Australian market has truly woken up to cyber risks in the last year due to a number of high-profile data breaches that have affected millions of Australians.
Boards should prioritize conversations around how an organization can modernize their technology infrastructure, leveraging architectures where security is built in, not bolted on, to drive better security, agility, and efficiency. How can boards balance fostering innovation and ensuring that security remains a priority throughout the organization's initiatives?