What the Board Thinks About Cybersecurity

Simply put, they’re concerned. Based on a survey of 200 board members by NYSE Governance Services, 66% said they were not confident their companies are properly secured against cyberattacks. The results show that while it's clear board members understand the connection between cybersecurity and their companies’ financial viability, there’s a significant disconnect when it comes to breach prevention. This has created a need for CISOs to better understand board member perceptions and become more effective at communicating their cybersecurity strategies in the boardroom. While...


Backdoor Hacking: Two Dirty Words Worth Learning

Revelations about NSA spying are old news and barely raise eyebrows now that the initial fervor has come and gone. In the information era, people seem to accept that information online isn't as private as it seems — but that complacency is a risky lackadaisy. Backdoor hacking built for justice can be exploited by cybercriminals. Just because some basic spying has been deemed innocuous doesn't mean all monitoring activities are created equal. And with the recent news about alleged backdoors inserted into widely distributed software, it's time to take a look at the reality of...


How CISOs Can Make a Better Case For Security

As more enterprises become digital businesses and rely on applications to keep pace with innovation, the value of security will continue to grow. However, CISOs often struggle with communicating to non-IT executives and demonstrating how their programs provide value. For enterprises to remain competitive in this application economy, it is up to CISOs to communicate how strong security programs are linked to corporate performance. For years, CISOs have struggled to gain the respect the importance of their role deserves. This is in part because the CISO's role was seen as necessary, but tactical...


CISO Corner: Barry Caplin, VP, Chief Information Security Official, Fairview Health Services

I spoke with Barry Caplin, VP, Chief Information Security Official, Fairview Health Services, at length regarding his security philosophy and the changing role of the CISO. Our conversation can be found here: Who were some of the early influencers in your career? Barry: "I've worked under some great leaders, yet I don't think there is any single person who significantly shaped my career. My views on security and the role of the CISO have evolved over time, so my influencers are varied. I continue to listen to Bruce Schneier as I find his views on security valuable." What...


Managing Third-Party Security Means Getting Compliance in Check

Compliance is tricky, and vendors are necessary. These two facts account for a lot of headaches in software development, especially in heavily regulated industries (e.g., healthcare and finance) that handle huge volumes of sensitive data as a matter of course. Further compounding these issues is the fact that first parties are generally just as liable for third-party missteps as they are for their own errors. Governmental bodies such as the OCC, government-regulated mandates such as the Dodd-Frank Act and industry standards such as PCI all hold first parties accountable when third parties make...


Hiring App Developers: Secure Traits to Search for in Third Parties

In some ways, hiring a third-party development team is like bringing on a new employee: You look for the traits, skills and experience you want, and you make a qualified decision based on your research. But the process can be much more complex in practice. After all, hiring app developers for a particular project requires you to make a number of considerations and take several risks. While there is no one-size-fits-all test you can use to evaluate your third-party prospects, there are more than a few general traits you can expect all vendors to exhibit, regardless of your industry. Here's...


Why Security Compliance Is a Yearlong Commitment

Security isn't just a scheduled event or a box on a checklist — and increasingly, neither is security compliance. Sure, countless people reading this article have pulled the "prepare for audit" shuffle, in which entire departments run around like proverbial headless chickens to ready themselves for that dreaded moment when the auditor walks through the door. And that stress makes sense: Keeping up with all those rules, which often seem like they were crafted by people who've never spent a day in development, can be a nightmare. But not all rules are arbitrary —...


Target Data Breach Settlement Provides Takeaways for Other Businesses

After the 2013 data breach of Target's retail systems, which exposed the records of over 70 million customers, some of those affected filed a class-action lawsuit against the company. Target recently settled that lawsuit, putting aside a substantial sum of money, and became a rare example of a data breach victim that had to pay damages. This lawsuit should be seen as a warning to other businesses that additional damages could add to the already costly negative PR and direct financial losses poor security controls can cause.

The Target Data Breach Settlement

Court documents filed...


The Internet of Things Puts a Threat on Every Wrist

The Internet has been abuzz with things lately — or maybe it's the other way around. The Internet of Things is here to stay, and that has meant a lot of changes for application and enterprise security. As apps diversify and everything from seemingly innocuous Fitbits to complicated bring-your-own-device programs become the norm, managing threats to secure enterprises will become an increasingly creative and multifaceted endeavor. Soon, keeping track of smartphone OS versions and apps will seem easy compared to the problems brought about by wearables and the latest crop of tablet-...


Build Third-Party Relationships Through Effective Communication

The fact that communication is a vital aspect of successful third-party relationships is obvious. ("You mean to tell me I have to talk to the companies producing my code? Jeez, next you'll say I have to give them money or something!") That said, simple statements can hold a lot of meaning, and woe be unto companies that don't do a good job communicating in all the forms that interactions with vendors and others can take. Effectively navigating a vendor/customer relationship from start to finish requires a concentrated effort from multiple arms of an organization; on the...

