Category Archives: CISO Insights

CISO Insights

Security and Privacy are essential in today’s digital economy. 2014 was a year of large-scale security and privacy breaches, leaving everyone asking themselves how much should we trust companies with…

The Question of the Questions

CISO InsightsBy David Sheidlower January 13, 2015 Leave a comment

Incessant questioning can reduce the best thinking to no more than a background chorus of “Are we there yet?” But there are still some things that have to be asked.…

What’s Different About the Sony Hack… And What’s Not?

CISO InsightsBy Larry Whiteside Jr.December 23, 2014 Leave a comment

Sony, Sony, Sony. Do you even realize what has just happened to you? Can you even comprehend the ripple effect this event will have not just on your industry, but everywhere?…

GRC Debunker

CISO InsightsBy David Sheidlower December 11, 2014 Leave a comment

(UPDATED) CISO’s and their teams are not just producers of risk analyses and assessments. We are also consumers of them. They come from many sources. The main four are: Responses from…

For Whom the Bell Curve Tolls

CISO InsightsBy David Sheidlower December 2, 2014 Leave a comment

People prefer to choose the groups they are in. Even before social media exploited that, there were fan clubs, fraternities, sororities, and many different kinds of groups that people associated…

From the War Room to the Boardroom – The True Elevation of the CISO

CISO InsightsBy John Masserini November 21, 2014 Leave a comment

In the aftermath of the Target breach, there has been a lot of press on the need for a Chief Information Security Officer (CISO) in the boardroom. The Wall Street…

Walking the Security Tightrope

CISO InsightsBy Joel Rosenblatt November 20, 2014 Leave a comment

Some 38 years ago, I started working for the systems group at CUCCA (Columbia Center for Computing Activities). I was fresh out of engineering school (Columbia, by coincidence) and a…

Take the Test: Are You Ready to Tame Your Vendor Security Risk Monster?

CISO InsightsBy Farhaad Nero November 13, 2014 Leave a comment

How do you measure how mature your vendor security risk assessment program is? How do you measure your ability to lead or develop such a program? Would it be safe…

Application Security – Redux

CISO InsightsBy Randy Marchany November 7, 2014 Leave a comment

When you’re on a roll, ride it out. I’ve been on the “Redux” train for a couple of days. I usually do this when I review our security architecture initiatives…

Deja Vu All Over Again – DDoS Amplification Attacks

CISO InsightsBy Randy Marchany November 4, 2014 Leave a comment

Yep, it’s time to use this title again. This time we’re talking about Distributed Denial of Service (DDoS) amplification attacks. One of the lists I monitor posted the following: Christian…