Hackers Are Not Afraid of Frameworks – Part 2
Read Part One All Infrastructure and the NIST Framework. In this series I will take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in…
CISO Insights
Back to Vendor ListingsGoing Down the Slippery Slope
One of the most useful things to me in trying to secure an enterprise like Columbia University is information, and the more information, the better. This means that for most…
The Evolution of Analytics in Cybersecurity
Although information systems logs have been around since the early mainframe days, the concept of collecting and analyzing logs for security purposes is still a relatively new concept. From my…
The Business of Security
More and more devices are being Internet-enabled daily. To securely drive an organization’s digital strategy, CISOs need to better understand business and new technologies across groups within the enterprise. It…
All Infrastructure and the NIST Framework
Each infrastructure is critical to someone. Go ahead: ask a CIO if they are in charge of something other than “critical infrastructure” and see what they say. In fact, the…
Security: It’s Not the Speed that Kills
My friend Randy Marchany tweeted a link to an article “Millennials Value Speed Over Security, Says Survey” that started me thinking about the apparent conflict between speed and security. If…
6 Key Steps to Building an Award-Winning Security Team
It’s impossible to build out a really strong IT security program without the solid foundation of a great security team. Pritesh Parekh, VP and CSO of Zuora, winner of the…
Did the Panama Papers End the Honeymoon for Law Firms?
Try and do an information security risk assessment of a law firm your company uses. Give them an InfoSec security questionnaire to fill out and request key information security documents. And…
It’s the Data, Stupid
I was looking at Facebook the other day (yes, I know – a security guy that uses Facebook – just wait until you have grandkids and a scary message appeared…
And the Password Is…Password!
Passwords are not a means of securing information. Bill Gates told us this in 2004, but it’s 2016 now and this time, we really mean it. Gates’ reasoning was that passwords…