CISOs Investigate: Vulnerability Management Released to CISOs

A Vulnerability Management Program is made up of a complex matrix of policies, processes and tools that enable security professionals to turn a detective control into an ongoing risk-management operation. Effective risk management is a function of the organization’s ability to manage vulnerabilities. That makes managing vulnerabilities a particularly crucial part of the CISO role.…

The Obsolescence of Passwords

Passwords as a means of authentication have been around for a long time. Their existence is based on the fundamental premise that it is only the consumer or user who has the secret. And in these past 60 years, passwords have served us well. But the premise is becoming less and less true. These days,…

Solving the security fear of commitment

Here is a fun exercise if you are bored. Go into any grocery or superstore. If you prefer online shopping, log onto your favorite retailer and find/pick any one category of products. Next, count how many brands there are in that one category. Then, count how many different options or different stock keeping units…

Security status unknown

Do CEOs and Boards have any idea what the company’s cybersecurity status is? Cybersecurity and privacy compliance should be a top priority of the Board of Directors and senior management of any publicly traded company, right? Not so fast, kemo sabe. The problem is, everyone thinks that their problems, their issues, their topics should be…

The link between self-control and security

It’s no secret that all it takes is the weakest human link to compromise a company’s cybersecurity. To mitigate this risk, companies need to understand their employees’ habits and behaviors; they need to be aware of their people’s self-control levels when implementing security programs. In a study of 6,000 participants in the Netherlands, a team…

A seat at the table

I’m sometimes asked if I ever experienced difficulties being a woman in the male-dominated cybersecurity field. My answer: “I could write a book on it!” I remember very clearly an incident that took place in a former role when, as a cybersecurity professional, I had to deliver a presentation to a group of men at…

What would the enemy do?

To better train and prepare their company’s employees for cyber attacks, CISOs need to put themselves in the attackers’ shoes to anticipate their motives, means and actions. In a KnowBe4 webinar last week, hacker turned pentesting professional Kevin Mitnick talked about real-life cases of human vulnerability that threat actors could exploit for their benefit and…

Must-Have Skills for CISOs: A CISOs Connect Report

While cybersecurity is dynamic, there are things that are constant. These are the skills that every CISO must have to be successful, whatever the organization and industry, today and in the foreseeable future. In this latest Security Current/CISOs Connect report, ASRC Federal’s CISO Darren Death combines previous research and his own findings to provide…

Stay tuned for CISOs Investigate: Vulnerability Management

Vulnerabilities cannot be eliminated; they can only be managed. In Security Current’s upcoming report CISOs Investigate: Vulnerability Management, lead writer David Sheidlower (CISO for a construction company) and executive editor Bob Turner (CISO for a higher education institution) share their experiences and best practices in managing vulnerabilities for their organizations. The report also features seven…