Your business has invested heavily in cybersecurity efforts to safeguard the organization against a range of threats. These investments are largely seen as a way to reduce the financial risks to the business—reduce being the key word. All the technology solutions you implement and the user awareness training you do are not sufficient to completely…
Former Oracle CEO Larry Ellison once famously said, “Privacy is Dead.” However, privacy had been resurrected and killed more times than a Tyrannosaurus Rex in a Spielberg sequel. A recent data breach https://www.wired.com/story/exactis-database-leak-340-million-records/ involving more than 340 million records of U.S. citizens demonstrates why privacy is dead. Again. It’s dead because you never heard of…
You might be perfectly happy in your job right now, but at some point in your career, you might decide that it’s time for a change. Or perhaps your company will be acquired, and the decision for you to move on won’t necessarily be yours to make. Whatever the scenario, the time to prepare for…
Over the years, I’ve counseled numerous information security leaders on how to assign a monetary value to a security solution. It’s important to be able to speak in terms of protecting asset value because that is the language of the board of directors and other executive leaders who must approve a significant expense. In many…
CISOs from across industries selected Aqua Security and LogicHub as the winners of Security Current’s Security Shark Tank® during RSA 2018. The event brought security solutions providers face-to-face with CISO buyers. Participating vendors were given 15 minutes each to pitch their solution in a rapid-fire question and answer format to a panel of information security…
One of the fiduciary responsibilities that CISOs and their fellow C-suite executives have is to ensure that their organization abides by all laws and government regulations pertaining to their business. Failure to follow the letter of the law – or a federal regulation, which operates with the same force and effect as a law passed…
Over the past year or so, board members have become more aware of cybersecurity and their responsibility in this area. As a result, more security officers are being invited to present at a board meeting for the first time. Perhaps you are one of them. If you are a CSO or a CISO and you…
There are specific state and federal laws that require companies to disclose when they have had a data breach, but there are few actual requirements to notify a law enforcement agency when a criminal cybersecurity incident takes place. However, it’s in your best interest to contact a law enforcement agency if an incident or…
This morning, the United States Supreme Court heard oral argument on a case that could decide the fate of the Cloud, the Internet, and the fate of the free world. Or not. The case deals with the thorny issue of “data sovereignty,” that is, whether the location of the data impacts the ability of governments…
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) becomes effective on May 25, 2018. It is an extensive and unifying regulation pertaining primarily to the privacy of personal data belonging to or derived from EU citizens and residents. With its focus on personal privacy, the GDPR is quite different from US regulations which tend…
