Big Data And Us Little People
The last series I wrote for securitycurrent dealt with principles of data security and privacy. Many authorities charged with enforcing data protection accept the principles. They are based on the idea that…
CISO Insights
Back to Vendor ListingsAre CISOs Better Off When They Think Like Security Entrepreneurs?
Recently I have begun to think about the strengths that make a good CISO. Some of those include technical understanding, business acumen, strategic vision, collaborative mindset, risk management mindset, and…
Thanks for the CISO Recognition (I think)
Most of you reading this are security practitioners, and I can safely assume that each of you has discussed this topic at conferences and airports for years: Is our role…
Advice for the Incoming CISO of Target
There is no task more difficult for a CISO than stepping into that role at a large organization that has never had a CISO and has recently experienced a devastating…
When is it a Breach?
One of the most difficult decisions a CISO has to make is the one that says the organization suffered a data breach. A data breach starts a chain of events…
CISOs as Rock Stars. Really?
Life as a Chief Information Security Officer can oftentimes be hard on the ego. It is surely one career in which it is easy to fall in to an identity…
Heartbeat, Heartbleed or Heartache?
You almost have to be on some deserted island with no Internet access to have not heard about the OpenSSL Heartbleed vulnerability. This vulnerability is very serious and pervasive because…
Why I Hate Phishing
Thursday, April 18 started out as a normal day (except for all of the Heartbleed hubbub), that was, until we realized that the University had been hit with about 32K…
Securing the Enterprise: Crazy Ideas from the Ivory Tower
Doing security at a university is both interesting and scary. Because you have to provide both an open environment for research and instruction, and enterprise level security for the business…
Cyber Defense: We’ve Been Doing It Backwards
The number of breaches that have occurred in the past 12 months (Target, U of MD, etc.) serve as a warning that traditional defense mechanisms are not working. I ask…