What a CISO Needs to Know about Cybersecurity and the Law: Privacy, Trends, and the Vagaries of Cyber Law

One of the fiduciary responsibilities that CISOs and their fellow C-suite executives have is to ensure that their organization abides by all laws and government regulations pertaining to their business. Failure to follow the letter of the law – or a federal regulation, which operates with the same force and effect as a law passed…

It’s 10 PM. Do You Know Where Your Data Is? By Mark Rasch

This morning, the United States Supreme Court heard oral argument on a case that could decide the fate of the Cloud, the Internet, and the fate of the free world. Or not. The case deals with the thorny issue of “data sovereignty,” that is, whether the location of the data impacts the ability of governments…

Get Ready for the GDPR, Part 1: An Overview of the Regulation and What It Requires of Data Controllers

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) was enacted on April 27, 2016, with the enforcement date being May 25, 2018. It replaces the European Data Protection Directive (DPD) (Directive 95/46/EC), which was the previous privacy and data protection scheme for the European Union. GDPR is intended to strengthen and unify data protection…

Model-Driven Security is the Future of Identity and Access Management

The most common identity and access management (IAM) authentication control in use today is a user ID and password, and there is growing awareness that passwords are incrementally becoming obsolete as an authentication control. Three billion credentials were harvested in North America in 2016 alone according to Shape Security. You and I know there’s only…

The FBI CISO Academy

If your organization were to experience some sort of cyber incident – e.g., an intrusion of your network, theft of your intellectual property or sensitive data, Internet fraud – does your company have an incident response plan that includes notifying federal law enforcement? If so, do you know what agencies like the FBI do when…

Ideas for Overcoming a Security Talent Shortage

We have all read and probably even lived the statistics. ISACA claims there will be a global shortage of two million cyber security professionals by 2019. Every year in the U.S., 40,000 jobs for information security analysts go unfilled. Maybe some of those positions are in your organization. It’s tough for all of us who…
