It's not the number of moving pieces in your security program that matter; it's how those pieces are making your organization more resilient that truly counts. How do you achieve that goal?
When reporting to the board of directors, the majority of CISOs measure the effectiveness of their program against a proven model. But what exactly should a CISO be measuring and reporting? Here are some top recommendations.
By looking at hospitals – and the resulting mad scramble and actions they took to protect their patients – there are four lessons that can be distilled to help those in the thick of a spike or for those planning for the next surge.
The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered an unsecured AWS S3 bucket with over 5.5 million files and more than 343GB in size that remains unclaimed.
As much of the world continues to hunker down at home in response to COVID-19, threat actors continue to find ways of exploiting the crisis to gather sensitive and valuable information from individuals. But while we’re busy making sure that our primary computers and cloud-based accounts are locked down, it’s often the devices we least suspect – our smartphones – that provide the opening that hackers need. The 2018 hacking of Jeff Bezos’s iPhone X, perhaps the most famous example of smartphone hacking, provides an important reminder that these most personal of devices should be used with appropriate caution, especially in this time of upheaval.
The National Security Agency released a Limiting Location Data Exposure Cybersecurity Information Sheet (CSI) to guide National Security System (NSS) and Department of Defense (DoD) mobile device users on how they might reduce risk associated with sharing sensitive location data.
The Cybersecurity and Infrastructure Security Agency (CISA) released the Cyber Career Pathways Tool, an interactive approach for current and future cybersecurity professionals to envision their career and navigate next steps within the NICE Cybersecurity Workforce Framework.
Today's challenging reality presents an opportunity for CISO’s to reevaluate the economics and efficiencies of their current infosec program. To do so, CISO’s must narrow their focus on maximizing their return on investments and shift to a risk-based prioritization strategy. No matter the situation, CISO’s are always expected to meet goals and drive results. Even though security professionals cannot reduce risk to zero, they can reduce risk significantly by first eliminating the most impactful risks facing their organization. Below, I discuss the four critical steps of leading an economical and efficient information security program while following a risk-based approach.
Countless businesses export data from the European Union to the United States. Does your human resources office have information on European employees? The sales department information on European clients? That is personal data. The question is if data exports can continue in the wake of the Court of Justice of the European Union’s (CJEU) ruling in the “Schrems II” case.