CISO Insights

What Would Harold Do?

I tell users all the time “Forget everything you learned in Kindergarten.”  It always gets a laugh, gets their attention and gets my point across. It’s not nice to share (your password).  Secrets are really ok (your IP address).  Not only should you not take candy from strangers, you should not take strange candy from…

The Evolution of the CISO

We are seeing that in quite a few organizations the Chief Information Security Officer (CISO) role is going through a period of transition. Leading organizations that didn’t have a CISO role are now actively scoping the responsibilities of this role. To date, the security budget often remains a fraction of total IT spend, and a…

Making Insurance Part of Your Enterprise Risk Management Program – Part Two

In this series, Grace Crickette provides C-Level executives a comprehensive overview of cyber insurance, while addressing business impacts and offering best practices for implementing a risk-management strategy that includes a cyber-liability policy. Part Two: A Very Brief History of Insurance and Coffee Houses. Coffee houses or cafés have served as centers of social interaction for patrons…

RSA Conference 2016 – Real-world Metrics, Security Shark Tank and Other Important Highlights

RSA Conference 2016 was a great opportunity to connect with the expansive and expanding world of information security. Just like the threat landscape is continuously changing, so is the landscape of security technology and solution providers to help combat this growing risk. Initially, I was shocked by the volume of people attending the conference. However,…

RSA Conference 2016 Highlights – IT Security as a True Part of the Business

RSA provides great opportunities for the CISO to learn in a compressed and diverse way to help further the implementation and management of their IT Security Programs. My goal this year was to look for guidance that didn’t focus on the old view of aligning the IT Security Program with the business. Mostly this message had the IT Security Program engaging in technical security with a goal of not upsetting business leaders. I was looking for sessions that…

An Assessment of the Framework for Improving Critical Infrastructure Cybersecurity – Part 5

In this five-part series CISO Brian Lozada examines the state of cybersecurity in our nation’s critical infrastructure, what is at risk, what makes it unique and what measures can be taken to bolster its safeguards. Review of the first four installments: In the first article in this series, I addressed the growing possibility of cyberwarfare. Many…