CISO

White House kicks infosec team to curb in IT office shakeup

The White House is kicking its information security team to the curb. An internal White House memo published today by Axios reveals that recent changes to the information operations and security organizations there have left the security team in tumult, with many members headed for the door. And the chief of the White […]


The First 100 Days of the New CISO: Expectations vs. Reality

The situation the new CISO finds on arrival is often different from what they were expecting, but who is to blame? A painfully recurrent complaint among Chief Information Security Officers (CISOs) is the disconnect between what they were promised during the recruitment process and the actual situation they find upon starting the job. Indeed, it is


Every Enterprise Has the Security it Deserves

“Every Enterprise has the security it deserves,” says Oracle Chief Information Officer Mark Sunday. “It begins at the very top. It truly begins with the board, CEO, and the Executive Committee to set the culture and to ensure that the people, process, technology, and the governance processes are in place to ensure the security of


How to Avoid the “Curse of Firefighting”?

Constant firefighting downgrades the role, and the CISO must fight to avoid its gravitational pull. Compared with many other C-level roles, the Chief Information Security Officer (CISO) position is a fairly recent creation in many organisations. Although it started to emerge over 15 years ago, it has been spurred further recently by growing concerns


The “Three Lines of Defense” Model Only Works On Trust

A “people” perspective on GRC models. It is no big secret that the “Three Lines of Defence” model underpinning many GRC practices in large firms is poorly understood and poorly applied at the grass-roots level. Anecdotal evidence we observe in the field every day suggests that many organisations operate it in a variety of hybrid fashions


Managing Risk or managing risks?

The keys to a successful second line of defence. Many risk management methodologies exist, but it is not uncommon to come across large firms still following simplistic, dysfunctional or flawed practices today, in particular around operational risk management. The main issue with many of those approaches is that they are plagued by


The CISO and the Business

Keep appointing pure technologists to CISO roles and you’ll never win. The WannaCry ransomware attack that affected so many large firms in May 2017 led to a number of animated discussions within InfoSec communities. The corrective patch (fixing the vulnerability targeted by the malware) had been available since March for supported systems, and many firms were

