Get Ready for the GDPR, Part 1: An Overview of the Regulation and What It Requires of Data Controllers

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) was enacted on April 27, 2016, with the enforcement date being May 25, 2018. It replaces the European Data Protection Directive (DPD) (Directive 95/46/EC), which was the previous privacy and data protection scheme for the European Union. GDPR is intended to strengthen and unify data protection…

Model-Driven Security is the Future of Identity and Access Management

The most common identity and access management (IAM) authentication control in use today is a user ID and password, and there is growing awareness that passwords are incrementally becoming obsolete as an authentication control. Three billion credentials were harvested in North America in 2016 alone according to Shape Security. You and I know there’s only…

The FBI CISO Academy

If your organization were to experience some sort of cyber incident – e.g., an intrusion of your network, theft of your intellectual property or sensitive data, Internet fraud – does your company have an incident response plan that includes notifying federal law enforcement? If so, do you know what agencies like the FBI do when…

Ideas for Overcoming a Security Talent Shortage

We have all read and probably even lived the statistics. ISACA claims there will be a global shortage of two million cyber security professionals by 2019. Every year in the U.S., 40,000 jobs for information security analysts go unfilled. Maybe some of those positions are in your organization. It’s tough for all of us who…

How Important Is a College Degree to a CISO Position?

As we at Security Current talk to CISOs and other information security leaders on a daily basis, we are often asked career-oriented questions. One frequently asked question is about college degrees: Which degree(s) is most important to help advance a CISO’s career? We understand that people are positioning themselves to climb the corporate ladder, or…

11 CISOs Say Open Source Software Can Be As or More Secure Than Commercial Software, With a Potential for Savings

Eleven Chief Information Security Officers (CISOs) from across industries share insights on the use of open source software in their enterprise environments. Most CISOs agree that open source software generally has been well vetted by a vast development community that quickly finds and fixes vulnerabilities in the software libraries. What’s more, open source provides flexibility…

Rhymes with CISO

In my 10+ years as a CISO, I’ve noticed a trend that appears to only be increasing. What I have observed is a proliferation of job titles that rhyme with CISO. But rather than describing the Chief Information Security Officer, these new titles swap out the word “chief” and come up with something else to describe…
