Information Security: What You Should Know About Agile, DevOps, and Continuous Delivery

CEB IT

Information security teams, who themselves are no strangers to a rapidly changing work environment, are under pressure to ensure that all this activity doesn’t result in important confidential data (itself more valuable than it’s ever been) leaking out of the company – either from carelessness or criminal intent. 10 Ways Digitalization is Upending Information Security. unfulfilled security requirements) in the past twelve months.

The Small Business Guide to Information Security

Galido

Information security is a major issue in the business world, and security breaches cost businesses millions of dollars per year. As a matter of fact, it was reported that each cyber attack costs small business owners $200,000 on average, which is more than enough to put many out of business.

10 New Information Security Roles for the Digitization Era

CEB IT

High demand and a limited pool of people with the right skills and experience make information security staffing a perennial challenge. Further complicating things is the fact that information security teams have not yet adapted to their changing role in digitizing companies. Digitization requires security staff to play a more diverse range of roles to meet a wider spectrum of demand from the rest of the firm. Product security specialists/managers.

Red Owl Analytics: Enabling information security and compliance teams to proactively tackle insider risk

CTOvision

Red Owl Analytics is a highly regarded provider of a software solution that enables security and compliance teams to proactively tackle their most pressing problem: insider risk. Their enterprises are awash in data, insider-related security breaches have become a constant, and regulators continue to demand better oversight and surveillance. We offer a software solution that provides unprecedented capabilities to support better monitoring, reporting, and post-incident forensics.

Is Information Security the Right Profession for Me?

Linux Academy

Wondering if information security is the right profession for you? I’ve been working in information security for many years and have had the opportunity to fill a variety of roles. In this post, I’ll fill you in about some of the available jobs in information security and what it takes to succeed in each one. First off, there are many different jobs within information security. Security Analyst (Blue Teamer).

9 biggest information security threats through 2019

Network World

The information security threat landscape is constantly evolving. To help you navigate the terrain, each year the Information Security Forum (ISF) — a nonprofit association that researches and analyzes security and risk management issues on behalf of its members — puts out its Threat Horizon report to provide members with a forward-looking view of the biggest security threats over a two-year period.

2015 National Chief Information Security Officer Survey

Cloud Musings

Recent cases have highlighted identity theft, the loss of personal financial data, and the disclosure of sensitive national security information. The executive in the hot seat for preventing these failures is the Chief Information Security Officer (CISO). Commissioned by the National Cybersecurity Institute at Excelsior College, this data will be used to develop and publish actionable information for use by the day to day cybersecurity professionals.

The CISO Technology Report: Twice A Week Review For Enterprise Security Professionals

CTOvision

Our site CISOtech.com is a repository of articles and information of interest to enterprise security professionals. Any reporting we do here at CTOvision that has relevance for the CISO is archived at that site, plus evaluations on cyber security technologies of interest. We also tailor this reporting in a twice weekly CISO Technology Report. This has become one of our most popular lists, with over 2,000 security professionals subscribing to the report.

The Accellion Data Breach Seems to Be Getting Bigger

GizModo VR

Data breaches have a tendency to grow past initially reported figures.

Information Risk: Three Lessons for CISOs from Yahoo’s Rough Six Months

CEB IT

And now, a few months down the line, Yahoo has disclosed what is thought to be the biggest breach yet, which has led to reports that the Verizon deal could be scuttled altogether. But for now, chief information security officers (CISOs) should take three core lessons on board. CISOs also play a critical role in helping the senior M&A team understand how information risks associated with M&A can manifest as business risks with poor financial outcomes.

Automation For The Better Good - Security

Forrester IT

What these tasks have in common (in addition to relying on automation): a critical dependence on security. When you accept that jury duty request, you have faith that your PII (personally identifiable information) is being protected. In a world where infrastructure-as-code scales quickly and massively, it is crucial to bake in security at every level of the stack.

CISOs top traits revealed in report: Improvement needed

Tech Republic Security

A new Gartner report found only 12% of chief information security officers (CISOs) met the criteria for being considered highly effective

Information Risk: Bug Bounties Have Gone Mainstream

CEB IT

As the trickle of companies incorporating digitalization into their corporate strategy turns into a flood, information security professionals are warning anyone who’ll listen about the vast array of products and services that may contain critical vulnerabilities in their software. As the chief security officer at a technology firm in CEB’s networks explained recently, “We have 40 engineers on staff whose sole job is to break software.

Survey: Data Breaches Driving Customers Away

CIO Dashboard

According to our new Global State of Information Security Survey 2013, data breaches are driving customers away from businesses around the world. In conjunction with CIO Magazine and CSO Magazine, we recently surveyed 9,300 C-suite executives, vice presidents and directors of IT & information security from 128 countries. 52% of executives confessed they have lost customers as a result of inadequate information security. The Era of Security Breaches.

Internet Two Seeks Chief Cyberinfrastructure Security Officer

CTOvision

Chief Cyberinfrastructure Security Officer. Position Summary: The Internet2 Chief Cyberinfrastructure Security Officer (CCSO) is the leader responsible for establishing the cyberinfrastructure security strategy and direction for Internet2's global infrastructure programs. The CCSO provides leadership for the Internet2 cyber security program through strong working relationships and collaboration across the staff and community, including policy and operational areas.

Security industry largely welcomes NCA cyber crime report

Computer Weekly

Most information security professionals support the National Crime Agency's call for help from businesses in pursuing cyber criminals

UPS Data Breach

CTOvision

In a recent report, the company actually lowered its earnings forecasts for the second half of the year. Sensitive information at eBay was recently compromised as well, and the re. Data breaches have captured the attention of the American media several times this year.

Prepare for The Cyber Threat: What Executives Need to Know to Manage Risk

CTOvision

FBI Director James Comey consistently underscores the threat of cybercrime to corporate America by repeating what security professionals have long known: “there are two kinds of companies in the United States, those who know they have been hacked and those that don’t know they have been hacked.” After action reports of many breach incidents prove that those firms that have prepared in advance can mitigate the damage of attack. Compliance absolutely does not equal security.

Things To Do Right Now About Your Cybersecurity Workforce Crisis

CTOvision

Intel Security has released Hacking the Skills Shortage, a report revealing the current cybersecurity workforce crisis. The report is full of interesting observations. Additional key findings of the survey include: 82% of respondents reported a shortage of cybersecurity skills. Security and IT teams play important roles, but business leaders from across the organization must be involved to mitigate digital risk. Bob Gourley.

New Video: Automating Your Cyber Defenses Including Malware Removal

CTOvision

It highlights ten requirements CTOs, CIOs, CISOs and CFOs should articulate as critical to success in automating security response. Additional context into this topic is available in our research report downloadable here. By Bob Gourley.

Sources of cyber intelligence from governments and academia

CTOvision

Cyber intelligence is a growing discipline in the cybersecurity community, providing important information for cyber defenders in enterprises large and small. This very likely includes an array of external information sources that will include threat news, listings of IP addresses that are known to be associated with malicious sites, information on malicious code, and a variety of other threat information feeds. Striving to make cyber security understandable by people.

InfoSec Policies and Standards: Some strategic context for those just diving into this world

CTOvision

Organizations are giving more priority to development of information security policies, as protecting their assets is one of the prominent things that needs to be considered. So an organization makes different strategies in implementing a security policy successfully. An information security policy provides management direction and support for information security across the organization. Policies can be enforced by implementing security controls.

Explaining discrepancies in different security assessment reports

IT Toolbox

In my work performing independent information security assessments, I love seeing when my clients’ network environments become more secure over time. Steady and predictable progress is key to building a solid information security program and minimizing the risk of incidents and breaches. One thing that comes up every now and then

The Importance of an Online Encryption Policy

CTOvision

With millions of data breach and identity fraud cases reported frequently, Americans are the fraudsters’ favorite targets. IBM’s latest Cyber Security Intelligence index report shows that: 1.5 There is a 12% year-to-year increase in security events to educate and inform organizations. There are 91,765,453 security events annually. The recipient uses a private key that he or she alone can access to decrypt the information.

Photograph Leak Demonstrates Importance of Good Hygiene

CTOvision

The Washington Post, The New York Times, and The Wall Street Journal have dedicated front-page links to the story, in a press wave that will contribute to the public’s increasing exposure to cybersecurity concepts and the growing importance of information security. Several news sources have reported that the photos were stolen from iCloud, Apple’s cloud service for storing media and documents. By Shannon Perry.

Video Shows What To Do When Your Cyber Adversaries Are Automating

CTOvision

It highlights ten requirements CTOs, CIOs, CISOs and CFOs should articulate as critical to success in automating security response. Additional context into this topic is available in our research report downloadable here. By Bob Gourley.

How OPM Could Have Avoided the Data Breach

CTOvision

Recently, a data breach at the Office of Personnel Management (OPM) demonstrated once again the vulnerability of data and how even when an organization has seemingly deployed the right tools, security holes can be exploited to gain access to highly sensitive information. This includes highly sensitive records about individuals with clearances and even information that could expose those living undercover.

Home Depot Breach Update

CTOvision

Last week, CTOVision shared a story from KrebsonSecurity.com, reporting that Home Depot had potentially suffered a large data breach in recent months. In a release dated September 8th, The Home Depot provided an update on the breach, confirming that a breach had occurred and providing more specific information about the theft, which began in April and lasted through the summer. The report did not provide information about the number of customers affected. By Shannon Perry.

What You Need To Know About The Administration’s Cybersecurity National Action Plan

CTOvision

The plan calls for the creation of a federal chief information security officer. Will be interesting to see who the CISO reports to. Establish an action plan to enhance the ability of citizens to exchange information with government in ways that keep it secure. Bob Gourley.

GovLoop Releases Report: Winning the Cybersecurity Battle

CTOvision

By Pat Fiorenza. As part of the Agency of the Future Series, GovLoop has released the report, “Winning the Cybersecurity Battle.” As a nation, we must work collaboratively to ensure that cyber defense strategies are robust and effective to secure our way of life. You can read the report online or can download a PDF here. 49 percent of respondents cited phishing as the largest threat to cyber security at their agency.

CISOs forced to adapt to pandemic and other geopolitical risks

Tech Republic Security

A new report finds cyber resilience, security culture, and cloud security are hot topics for chief information security officers

How Should CIOs Handle More Cybersecurity Regulations?

The Accidental Successful CIO

As our companies understand the importance of information technology and acquire more and more valuable information, the bad guys keep trying to find ways to break in and steal customer credit card and personal information. It turns out that regulators have been watching us and they now think that securing the company is important enough that they are starting to create regulations in this area. Keeping the company safe is the job of the CIO. (Image credit: Bill Smith.)

Stand By For Reporting From the Intelligence and National Security Summit 18-19 Sep 2014 #Intelligence2014

CTOvision

For the next two days in DC over 1000 key leaders from the national security community will be converging in a dynamic examination of intelligence and national security issues at the Intelligence and National Security Summit. Will the National Security Community be capable of offering security protection, including security advice, for massive commercially or privately owned networks of sensors and remotely controllable devices? National Security Agency.

Our Security Recommendations Will Help You Handle The Worst Of What 2019 Throws At You

Forrester's Customer Insights

Today we released our 2019 Security & Risk Recommendations report. We collected contributions from our colleagues across the Forrester Security & Risk team to identify the most important actions security leaders should take in 2019. Security leaders have earned board level visibility, […].

Zero Trust Goes Mainstream In Europe

Forrester's Customer Insights

Over the Easter weekend, we released a new research report looking at implementing Zero Trust in Europe. In addition, general awareness of the Zero Trust security model is much lower in Europe than in the US.

Kaspersky Lab employee reportedly arrested in Russia on treason charges

Network World

One of the leading cybercrime investigators at antivirus vendor Kaspersky Lab was reportedly arrested in Russia as part of a probe into activities that could represent high treason. Russian authorities are investigating Mikhailov in connection to the receipt of money from a foreign organization, an unnamed source close to the FSB reportedly told the newspaper.

Digital Risk Protection In 2018: New Vendors, New Leaders, New Wave

Forrester's Customer Insights

Our “The Forrester New Wave™: Digital Risk Protection, Q3 2018” report is out!

Why CIOs Can't Believe All That They Read About Security Breeches (a chief information officer needs an IT strategy to create IT alignment)

The Accidental Successful CIO

This type of assault has almost become part of the definition of information technology. This means that you can’t afford to let your guard down because in most cases the basic steps that you take to secure the company will be good enough to keep most of the bad guys out. The importance of information technology to your company is too great. This is so critical that it should almost be a part of the definition of information technology.

The Era of Security Breaches

CIO Dashboard

A full 85% of all data-related security breaches today are masterminded by organized crime, according to a 2010 Verizon Data Breach research report. With the rise in outsourcing and the advent of cloud-based services, more and more private business and customer information gets shared among affiliates. Security experts are warning of a rise in spear phishing attacks.

The biggest risk in cloud computing is not doing it

David Linthicum

Gartner’s latest quarterly report “Emerging Risks Report” surveyed 110 senior executives about risk, audit, finance, and compliance at large global organizations. The Top 2 high-impact risks of moving to the cloud are related to information security threats. Not surprisingly, they identified cloud computing as the top concern for the second consecutive quarter. Moving to the cloud means changing major business processes, which adds risk, and the cost of risk.

Information Risk: Growing Budgets Aren’t Enough to Help with Exploding Demand

CEB IT

Over the past few years, as the importance of information security has crept on to the agenda of board meetings at all of the world’s big companies, information security teams have been showered with cash. But those that lead these teams – often called chief information security officers (CISOs) – now find themselves capital rich but labor poor. A more pragmatic solution involves finding efficiencies in existing security processes.

Biden's COVID Plan Includes Billion$ For Cybersecurity

SecureWorld News

Because of this, the President-elect is calling upon Congress to modernize and secure federal IT and its networks. Build shared, secure services to drive transformational projects. Improving security monitoring and incident response activities.

Home Depot Data Breach Settlement: 5 Things It Must Do Now

SecureWorld News

The data breach compromised payment card information of roughly 40 million customers. It has also agreed to strengthen its information security program through a series of steps, which must be done within 180 days of the agreement.