10 New Information Security Roles for the Digitization Era

CEB IT

High demand and a limited pool of people with the right skills and experience make information security staffing a perennial challenge. Further complicating things is the fact that information security teams have not yet adapted to their changing role in digitizing companies.

2015 National Chief Information Security Officer Survey

Cloud Musings

Recent cases have highlighted identity theft, the loss of personal financial data, and the disclosure of sensitive national security information. The executive in the hot seat for preventing these failures is the Chief Information Security Officer (CISO).

IT Infrastructure: 3 Steps to Respond to Today’s Information Security Concerns

CEB IT

In fact, the security group is the only part of the infrastructure function where staffing levels are increasing. Blog Collaborate Across the Organization Information and Data Risk Management Information Technology IT Infrastructure

3 Ways to Protect Firms’ Information Security as they Digitize

CEB IT

The way companies create, sell, and market products, and run the operations to do so, is increasingly based on the use of technology and digital information (see chart 1), and this trend of digitization will only continue more quickly across the next five years.

Is Information Security the Right Profession for Me?

Linux Academy

Wondering if information security is the right profession for you? I’ve been working in information security for many years and have had the opportunity to fill a variety of roles. First off, there are many different jobs within information security.

Information Security Budgets: More Money and More Staff, But Growth Finally Slowing

CEB IT

Information security functions have become far more important to their companies in the past decade, and that’s reflected in how the resources they’re allocated has grown and grown. Security Staffing and Budget Increases.

Budget 130

IDG Contributor Network: Cyber crime as a service forces changes in information security

Network World

Also on Network World: DDoS-for-hire services thrive despite closure of major marketplace +. But for organizations still maturing their defensive measures, here’s what the transformation of cyber crime into an industry means for how you approach information security. Cyber crime has been commercialized. Infecting computers with ransomware or using an advanced persistent threat to pilfer intellectual property no longer requires deep technical knowledge.

Enterprise Meets Consumer Security: Exploring Approaches To Protect Employees At Home

Forrester IT

age of the customer cloud security content security cybersecurity data security endpoint security information security IoT security mobile security network security physical security privacy security & risk

IDG Contributor Network: How to build a thriving information security function despite the talent shortage

ComputerWorld IT Management

It seems that the industry has reached a nearly unanimous conclusion about a key essential for tight information security -- people. You don't have to look at online job postings for long to recognize that most of the posted IT jobs relate to information security, with employers attempting to fill many such positions to shore up their cybersecurity posture. As an example, following a major security breach at the U.S.

Zero Trust Goes Mainstream In Europe

Forrester IT

In addition, general awareness of the Zero Trust security model is much lower in Europe than in the US. age of the customer information security network security security & risk security information & event management (SIEM) zero trust

IDG Contributor Network: 3 new information security jobs for the digital enterprise

Network World

The responsibilities of information security are rapidly changing as enterprises digitize. In this new context, information security is expected to take a strategic role by helping business leaders understand the security implications of their digital strategies; support a quicker pace of technology exploitation and experimentation; and govern a larger, more varied project portfolio.

IDG Contributor Network: To improve information security, enterprises and government must share information

Network World

Information security is forever weaved into our daily lives. From the massive data breaches impacting Target, Yahoo and Anthem to IoT-powered DDoS attacks that take down substantial portions of the internet for extended periods of time, information security impacts everyone.

IDG Contributor Network: The devil is in the details: The importance of tight processes to strong information security

ComputerWorld IT Management

Have you ever pulled a policy or procedure down from the internet, changed a few things and called it your own? If not, you are probably one of a small minority. Most of us have done this from time to time, and building on the work of another (assuming of course that it is not copyrighted) is a good way to start, as long as you make the proper adjustments to meet your specific needs. Therein, however, lies the problem. .

Information Risk: 3 Threat Management Trends to Keep an Eye On

CEB IT

Although the threat management tools and techniques available to chief information security officers (CISOs) have also improved, this still leaves much to do. CISOs in CEB’s networks are focused on three shifts in particular at the moment.

Trends 130

The Self-Licking Ice Cream Cone of Misery for S&R Pro’s Starts with Start Ups

Forrester IT

cybersecurity information security network security security & riskOver the last 2 weeks I have been at the annual shenanigan bonanza that is RSA. I was invited to sit on a “Shark Tank” panel for emerging technology start-ups in Miami, FL. In the span of two weeks I went from seeing the big, well-established companies, who have massive marketing budgets and millions of […].

Budget 117

Information Risk: Bug Bounties Have Gone Mainstream

CEB IT

As the trickle of companies incorporating digitalization into their corporate strategy turns into a flood, information security professionals are warning anyone who’ll listen about the vast array of products and services that may contain critical vulnerabilities in their software.

Next Generation Access and Zero Trust

Forrester IT

A few years ago, the concepts of micro-segmentation and micro-perimeters for Zero Trust were championed by Jon Kindervag, and he showed us how those concepts and their technologies could enable a more secure enterprise. Once those concepts and their associated best practices hit the street, organizations from VMWare to Cisco and Palo Alto Networks quickly […].

Vmware 122

Why CISOs Need Cloud to Secure the Network

CEB IT

This type of connected employee, while a boon to the organization, can be a nightmare to the chief information security officer (CISO). Martha is not only exposing critical data to unknown networks while using WiFi services in public spaces, she is also exposing her company's network to possible threat exposures through external websites. In a modern cloud-centric digital business, the need to access information anywhere and everywhere is a top priority.

How Should CIOs Handle More Cybersecurity Regulations?

The Accidental Successful CIO

As our companies understand the importance of information technology and acquire more and more valuable information, the bad guys keep trying to find ways to break in and steal customer credit card and personal information.

How OPM Could Have Avoided the Data Breach

CTOvision

Recently, a data breach at the Office of Personnel Management ( OPM ) demonstrated once again the vulnerability of data and how even when an organization has seemingly deployed the right tools, security holes can be exploited to gain access to highly sensitive information. This includes highly sensitive records about individuals with clearances and even information that could expose those living undercover.

Prepare for The Cyber Threat : What Executives Need to Know to Manage Risk

CTOvision

Available data suggest that 84% of corporations have malware on their networks. Conducting a holistic review of the organization to identify areas of vulnerability and improve network security is a proactive measure that no organization should overlook. By Matt Southmayd.

Sources of cyber intelligence from governments and academia

CTOvision

Cyber intelligence is a growing discipline in the cybersecurity community, providing important information for cyber defenders in enterprises large and small. This very likely includes an array of external information sources that will include threat news, listings of IP addresses that are known to be associated with malicious sites, information on malicious code, and a variety of other threat information feeds. Striving to make cyber security understandable by people.

Patient Portal Puts a Spotlight on Secure Messaging

CTOvision

Stage 2 requires expanded use of patient portals, as well as implementation of secure messaging, allowing patients to exchange information with physicians regarding their health care. Secure Messaging Requires Authentication and Secure Networks. Network Security.

Internet Two Seeks Chief Cyberinfrastructure Security Officer

CTOvision

Chief Cyberinfrastructure Security Officer. Position Summary: The Internet2 Chief Cyberinfrastructure Security Officer (CCSO) is the leader responsible for establishing the cyberinfrastructure security strategy and direction for Internet2′s global infrastructure programs. The CCSO provides leadership for the Internet2 cyber security program through strong working relationships and collaboration across the staff and community, including policy and operational areas.

How To Use The AWS API With S3 Buckets In Your Pen Test

Perficient - Digital Transformation

In the AWS Management Console, look for the “IAM” link in the Security, Identity, & Compliance section as seen above. Review the information seen on the review page, then complete the “create user” operation by clicking on the “Create user” button.

Symantec Government Symposium 11 March 2014 at the Renaissance Hotel Washington DC

CTOvision

By Bob Gourley DC seems to have a cyber security related event every week. Here are details from the invite: Don’t miss this exciting opportunity to join 1500 IT leaders and innovators on March 11 to collaborate and discuss the top issues in IT security and management.

Catelas: Next-Generation ‘Relationship Forensics’ Software

CTOvision

Catelas is a solution on the market today that maps out large communications networks. Analytical Tool Companies Company Catelas FCPA Financial Services Information security The software''s unique value is its ability to automatically identify the people that matter in any dataset – a specific case (collected data) or across the entire company (log files or email meta-data).

InfoSec Policies and Standards: Some strategic context for those just diving into this world

CTOvision

Organizations are giving more priority to development of information security policies, as protecting their assets is one of the prominent things that needs to be considered. So an organization makes different strategies in implementing a security policy successfully. An information security policy provides management direction and support for information security across the organization. Policies can be enforced by implementing security controls.

The Security Innovation Network Showcase: 3-4 Dec in DC

CTOvision

We have been long-term supporters of the Security Innovation Network (SINET) and believe this group plays an important role in being a catalyst for innovation around enterprise cyber security. This event helps highlight emerging technologies with potential dramatic positive impact on enterprise missions and also helps advance the exchange of ideas around mission needs and concepts of operation on enterprise cyber security. 7 hours Networking and Networking Reception.

The Importance of an Online Encryption Policy

CTOvision

IBM’s latest Cyber Security Intelligence index report shows that: 1.5 There is a 12% year-to-year increase in security events to educate and inform organizations. There are 91,765,453 security events annually. It covers the systematic data management of the company and can also be referred to as information security policy standards when working in an on-premise, cloud, or a hybrid-computing environment.

How Certifications Can Help You Land a Position | Hacking In to Cybersecurity

Linux Academy

The blogs will consist of introducing you to some techniques you can use to help to land a security position, as well as covering some concepts that anyone considering joining the career field should know about. Every day the bad guys get just a little stronger, adding more and more people and crafting more and more attacks that the Security industry just simply cannot keep up with. For individuals coming from outside the IT industry , I recommend Network+ in addition to Security+.

IDG Contributor Network: Security talent management for the digitization era

Network World

Stiff competition for talent and a limited pool of security specialists make information security staffing a perennial challenge. Complicating this is the fact that security has not yet adapted to its changing role as organizations digitize. Now more than ever, information security leaders need to understand the new business environment and adapt how they hire, compete for and manage talent for the digital era.

How Microsoft Word “Protected View” Stops Information Leaks

Perficient - Digital Transformation

Microsoft Word has long offered support for loading images and templates over the network. This often means that the document will look incomplete, because the user is only able to see a preview of the document without any of the content that is linked to a network location.

The Era of Security Breaches

CIO Dashboard

A full 85% of all data-related security breaches today are masterminded by organized crime, according to a 2010 Verizon Data Breach research report. Security experts are warning of a rise in spear phishing attacks. Guest post by Gary Loveland and Nalneesh Gaur.

IDG Contributor Network: Top 5 InfoSec concerns for 2017

Network World

Each and every day, it seems, the tech community wakes up to news of another attack on data security and privacy. As IT professionals, we spend our days working to the best of our knowledge and ability to keep company information secure. Cloudbleed , WannaCry, ransomware , hackers. Some days, however, when news of new attacks hit, it can feel like we’ll never get ahead. As soon as we learn one method of protection, the hackers have invented a new workaround.