Security Leadership and Management
RSS

5 minutes with Tim Sulzer - The rise of gun violence and physical security technology

November 23, 2020

In today's ever changing environment, no organization and enterprise is immune from violence. Whether it is a church, movie theater, mall, or healthcare setting the need to plan for an act of violence, including active shooter events, is of paramount importance. And while public safety situational awareness and vigilance is an absolute must in our modern world, much thought has been given to how to develop plans, procedures, training and technology to stop these acts of violence. Here, we talk to Tim Sulzer, Chief Technology Officer (CTO) of ZeroEyes, about how physical security technology has evolved over the years to help make a difference in situations involving an active shooter or to reduce workplace and gun violence in various settings.

VDI improvements ensure business continuity in the age of remote work

Babak Roushanaee

November 23, 2020

Working at home poses many challenges. One smart solution for enterprises that continues to help maintain business continuity is Virtual Desktop Infrastructure (VDI). It enables IT organizations to deliver a corporate endpoint experience on relatively inexpensive hardware while maintaining strict IT standards that will provide benefits well into the future.

A cluster without RBAC is an insecure cluster

Robert Brennan

November 23, 2020

The Principle of Least Privilege is one of the longest standing principles of security. People (as well as applications) should only have access to the things they need to do their job, and nothing else. While being overly permissive may make life a bit easier in the short-term, it can easily come back to haunt you long-term, whether due to a malicious attack, misplaced credentials, or even an honest mistake.

How the Security Operations Center Can Create Customer Confidence

Curiosity, creativity, collaboration: The human elements of the SOC

Chris Calvert

November 23, 2020

Machines are better at speed and scale than humans. But humans have the edge over machines at thinking outside of the box, using their curiosity and creativity to come up with solutions, and reasoning that machines cannot define or replicate. When it comes to security operations, humans and automation are the duo that’s stronger and more effective in partnership than when they’re apart. Using extended detection and response (XDR) can bring these skills to the forefront of the Security Operations Center (SOC), leaving the repeatable, boring tasks to the machines and allowing for these human traits to shine.

Duke Energy announces new CSO and other leadership changes

November 20, 2020

Duke Energy, a Fortune 150 company headquartered in Charlotte, N.C., named Keith Butler as Senior Vice President and Chief Security Officer. He is currently senior vice president, global risk management and insurance, chief risk officer and acting chief ethics and compliance officer. The company also named new leaders in the critical areas of corporate security, risk management and ethics and compliance.

How to build a culture of security

Steve Thomas

November 20, 2020

No matter how much you spend on your security infrastructure, it won’t do a bit of good if the people you employ aren’t using it correctly. For example, you could install the best antivirus in the world, but if an employee falls for a spear-phishing scam and inadvertently gives their password to a hacker, it’s all for nothing. That’s why it’s more critical than ever to have a culture of security.

If Michael Jordan is zero trust, then identity governance is Scottie Pippen — Why cybersecurity is a team sport

Grady Summers

November 20, 2020

Basketball can teach us a lot about managing the cybersecurity of an enterprise: it takes teamwork. This is perhaps most evident as organizations seek to adopt zero trust principles. The zero trust concept is not new, but I hear more organizations discussing it than ever before — driven by a desire for greater security, more flexible access, and accelerated by the shift to remote work due to COVID-19. At its core, zero trust focuses on providing least-privilege access to only those users who need it. Put it this way: don't trust anyone and even when you do, only give them what they need right now. This security philosophy would make Jordan proud, but in that vein, zero trust would not work without another player: identity management (perhaps it’s the Pippen factor!).

Combating Complacency: Getting the Most Out of Your Data Breach Response Plan

Analyzing the EDPB’s draft recommendations on supplementary measures

In the wake of Schrems II, the EDPB’s much-anticipated recommendations provide extensive guidance on supplementary measures parties can use to legally transfer data out of the EEA in the absence of an adequacy decision.

David M. Stauss

November 20, 2020

In a flurry of activity last week, the European Data Protection Board (EDPB) and the European Commission made major announcements affecting cross-border data transfers out of the EEA. First, the EDPB announced the adoption of draft recommendations on measures that supplement cross-border data transfer tools as well as recommendations on the European Essential Guarantees for surveillance measures. The below post will examine the EDPB’s draft recommendations on supplementary measures. The draft new standard contractual clauses will be discussed in a separate post.

CESER’s Clear Path Exercise tests energy sector’s earthquake response

November 20, 2020

On November 19 and 20, more than 200 industry and government officials exercised the energy sector’s response and recovery to a Wasatch earthquake during CESER’s Clear Path VIII. This year’s scenario impacted critical energy infrastructure within Utah and the surrounding states with cascading impacts across the Western United States. The regional, all hazards Clear Path Exercise series brings together energy sector partners on an annual basis to update policies and procedures, identify areas for collective improvement, and strengthen relationships and cooperation.

Cyber resilience through deception: What businesses can learn from federal cybersecurity frameworks

Michael Saintcross

November 20, 2020

With cyber resilience, it is the same kind of philosophy: reducing your cyber incident risk and not just relying on one line of defense or one capability you think will be the one that finally stops the bad actors. Looking at the standards for cyber resilience in federal agencies will help businesses understand both the essentials and the additional steps they need to take to fully safeguard their assets.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.

Security Leadership and Management
RSS

5 minutes with Tim Sulzer - The rise of gun violence and physical security technology

VDI improvements ensure business continuity in the age of remote work

A cluster without RBAC is an insecure cluster

Curiosity, creativity, collaboration: The human elements of the SOC

Duke Energy announces new CSO and other leadership changes

How to build a culture of security

If Michael Jordan is zero trust, then identity governance is Scottie Pippen — Why cybersecurity is a team sport

Analyzing the EDPB’s draft recommendations on supplementary measures

CESER’s Clear Path Exercise tests energy sector’s earthquake response

Cyber resilience through deception: What businesses can learn from federal cybersecurity frameworks

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

Security Leadership and Management RSS

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

Security Leadership and Management
RSS