CISO Insights

Back to Vendor Listings

Audited and Jaded

A company I know was audited some years ago. One of the findings was that there were no Unix server logs. Over the next year server logging was enabled. The following audit noted that nobody was reviewing the logs.  So the company invested in a SIEM solution and reviewed the alerts.  (Of course, no one…

Plight of Passwords

I read an article recently about how a CISO talked his way out of having an internal auditor write up a finding about weak passwords – which eventually lead to a significant and highly publicized breach. The CISO’s argument was that, by implementing strong passwords, users would end up just writing them down, thereby, weakening…

Be Very, Very Quiet – Your Devices May Be Listening

According to Wikipedia, “The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure. Typically, IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and cover a variety of protocols, domains, and applications.[1] The interconnection of these embedded devices (including smart objects) is expected to usher…

The Wisdom of the CISO Crowd…In an Era of Security Products and Technologies DELUGE

The list of security products and technologies resulting from searches by even the least sophisticated Internet Search Engines across any of the major security product categories can be quite overwhelming. These categories include ‘firewalls,’ ‘IDS/IPS’, ‘SIEM’ and don’t even mention “Threat Intelligence” since, thanks to the associated market hype-cycle, even vulnerability scanners are now being…

Business Continuity Planning, The CISOs Secret Weapon

BCP.  Three little letters that, unfortunately, strike mind-numbing boredom into most CIOS’s.  The truth is, Business Continuity Planning isn’t synonymous with the excitement that is typically found in the Information Security world. There aren’t nation states trying to subvert your controls, or insiders trying to get away with industrial espionage, or some faceless hactivist group…