Ransomware in Healthcare – Strategies for Protecting the Enterprise – Part One

In this three-part series, Academic Health care CISO Mitch Parker shares his insights on ransomware, incident response and best practices for building a world class prevention program. Ransomware has been the buzzword du jour for the past year in computer security.  This mostly unsophisticated attack type uses deception and already-existing means of communication to destroy…

Details

Will Corporate Security Models Move Toward the EDU Security Model?

No network is impenetrable, a reality that business executives and security professionals alike must accept. The traditional perimeter focused approach to cybersecurity has often failed to prevent intrusions, especially in an application-focused paradigm. While prevention is crucial, timely incident detection of anomalous behaviors for data ex-filtration are key. Continuous monitoring assumes the attackers are already…

Details

Making Insurance Part of Your Enterprise Risk Management Program – Part Three

In this series, Grace Crickette provides C-Level executives a comprehensive overview of cyber insurance, while addressing business impacts and offering best practices for implementing a risk-management strategy that includes a cyber-liability policy. Part One Part Two Part Three: Risk Management and Insurance Basics Insurance and Risk Management Basics Insurance is just one tool in the Risk…

Details

Protecting the Republican National Convention – My Reflections

As the 2016 Republican and Democratic National Conventions are about to begin, Security Current has challenged me to reflect on an assignment I was given when I was an IT security executive at a major cable, telecommunications and Internet Service Provider. Over four years ago, I was given the opportunity to build from the ground…

Details

The Business of Security

More and more devices are being Internet-enabled daily. To securely drive an organization’s digital strategy, CISOs need to better understand business and new technologies across groups within the enterprise. It is critical to learn how to create value from their data, and understand technical capabilities for the whole business, not just in the IT domain,…

Details

Security: It’s Not the Speed that Kills

My friend Randy Marchany tweeted a link to an article “Millennials Value Speed Over Security, Says Survey”  that started me thinking about the apparent conflict between speed and security.  If you google “Agile software development,” you will see a Wikipedia page, which extensively covers the topic. “Agile software development is a set of principles for software development in…

Details