CISO Tips for Risk Communication: How to Effectively Position Yourself in the Boardroom

There is always a silver lining. When it comes to the recent surge of information security issues, the silver lining is these breaches have given CISOs increased prominence within their enterprises. What was once just one aspect of a CIO or CTO's role is now a full-fledged area of responsibility with direct access to the highest levels of the organization. Presenting to the C-suite or the boardroom can be massively beneficial for your department overall; it can also be incredibly daunting. Learning the right process for risk communication, as detailed in a recent handbook from Forrester...

Supply-Chain Risk Management: 4 Tips to Tackle the Elephant in the Room

Most companies don't want to talk about their supply chains and risk management in the same sentence, let alone bring this topic to the boardroom. Why? Because, as a recent Harvard Business Review (HBR) article points out, "suppliers tend to be optimistic about the information they provide," while companies looking to bolster their bottom lines without breaking the budget are often willing to accept overly optimistic promises, layer in third-party software and hope that's enough to cover any supply-chain risk management issues. In any other line-of-business effort, this...

Veracode Webinar Explains How to Beef Up Vulnerability Disclosure and Breach Response

You don't have to be a top-flight security company to understand that breach response and vulnerability disclosure are a huge part of the security process. And you don't need to be a security expert to know that, while they're all very important at a high level, not all actionable flaws are created equal. It's a problem eminent security minds across the industry have spent lots of energy trying to solve: When breaches are as varied as the software they're used to exploit, how do you create a response plan that'll fit all the shapes the average attack can take? The good...

To Understand How a Secure Application Layer Can Prevent Disaster, Look No Further Than 2014's High-Profile Cyberattacks

2014 was a good year for cybercriminals. Several marquee hacks cost corporations billions of dollars — and, as Veracode's "2014: The Year of the Application Layer Breach" ebook points out, almost all of them originated in the application layer. As businesses of all types become increasingly dependent on software, the number of potential vulnerabilities in their systems skyrockets. From point-of-sale systems to auxiliary event websites, enterprises weave tangled webs of interconnected e-commerce, and a single vulnerability can spell disaster. Here's a look at a few of...

Threat Intelligence Sharing: Is Your Enterprise Ready?

There's little wonder why the concept of threat-information sharing is becoming so popular: It represents a state where security professionals can share and access real-time threat information, greatly increasing their ability to respond to emerging threats. But while the concept of open threat intelligence is gaining significant traction, the movement is still truly in its infancy. Enterprise CISOs need to understand where this trend stands in order to better prepare intelligence efforts within their organizations.

The Industry's New Buzzword

The recent surge toward open technologies...

Beyond the Quadrant: What the 2015 'Gartner Magic Quadrant for AST' Says About the AppSec Market

On August 6, Gartner published the 2015 edition of the "Magic Quadrant for Application Security Testing¹" – and once again, Veracode is positioned in the "Leaders" quadrant. Our position in the quadrant, as well as the subsequent write-up of the company's strengths and cautions, is exciting, as we feel it validates that we are the best pure-play provider of application security. While our position within the quadrant, and Gartner's analysis of our company, is exciting, I found the market write-up equally interesting. Once the Magic Quadrant is released,...

Embracing Security Analytics and Automation: The Scalability of Security

Depending on your role within an organization, metrics and security analytics can be invaluable benchmarking tools. They can provide ways to improve performance (personal or organizational), as well as paths to more busywork. But whatever you think about them, it's a given that you work with them daily. The statement holds true no matter the size of your company. Tiny companies and multinational megacorps alike use their daily (or hourly, or whatever-ly) numbers fix to get a grip on all sorts of information: employee performance, product performance, how the business stacks up against...

Are CISOs Spending Too Much Time Focusing on Technology?

Following the onslaught of high-profile cyberattacks reported in the past 12 to 18 months, cybersecurity has become a more frequent topic in board-level conversations. This has created a need for CISOs to better understand board member perceptions and become more effective at communicating their cybersecurity strategies. However, a new study from Deloitte's CISO Transition Lab found CISOs spend 77 percent of their time on technical aspects of the job rather than business strategy aspects. With CISOs spending so much extra time on technology tasks, how can they find time to focus on the...

SOS: Security Remediation and the Future of Training

In some ways, training is one of the most inherently scalable practices a growing business can implement. What's easier than putting a bunch of employees in a conference room or requiring them to sign into a web-based program, after all? In other ways, however, crucial tasks such as coaching and continuing education don't always get the treatment they deserve, especially as an organization grows. The problem often comes down to two points, namely context and consistency. Take security remediation and other related tasks in the development profession: Putting software together requires...

The Rise in Global Cyberattacks Highlights the Dangers of Cyberespionage

Recently, the US government announced that a major data breach, likely backed by Chinese hackers, had exposed the data of over 4 million government workers. Government officials believe this incident could be one of the largest breaches of federal employees' data. Though drastic, this is just one of many episodes demonstrating the rise of cybercrime. The number of cyberattacks on the global scale is constantly increasing, with a growing number of advanced persistent threat (APT) groups having run cyberespionage campaigns under the radar for years. The primary targets of these attacks are...
