The best laid plans are often fraught with mistakes – some big, some more nuanced. Evan Schuman looks at where CISOs can fall short. Enterprise security today, at least at the $4 billion annual revenue level and up, is in a precarious place. Despite GDPR and best security practices insisting on having complete global datamaps,…
Avoiding the perilous pitfalls of compliance It’s no secret that Fortune 1000 CISOs struggle with compliance, but the pitfalls that fuel the most fury aren’t typically the ones with regulators (although regulator arguments do come in a close second). No, the battle is often internal, such as fighting over jurisdiction, with the California Consumer Privacy Act…
Looking for insights in modern literature to address the challenges facing CISOs might seem farfetched, but there is some logic to this. Lewis Carroll’s Alice’s Adventures in Wonderland and Through the Looking Glass illustrates the challenges posed by ransomware. While this might seem contradictory on the surface, the options and twisted logic Alice faced are…
At the risk of potentially alienating a high-demand workforce that potentially can jump to a new company for seemingly minor perks such as company-paid cafeterias or flex time with little oversight, CISOs today find themselves with a challenge. In order to protect their corporations against data breach from internal and external sources, CISOs have a…
MDM strategies: An embarrassment of niches It is Christmas Day at 2 a.m. and a new mobile device just connected to your network. Your servers are configured to send a text message to alert you when new devices connect, so you immediately know that something has happened. But you have no policy that requires that…
Security chiefs need to tell the board the truth, albeit a more palatable version of the truth. For Fortune 1000 CISOs and CSOs, reporting to their boards of directors is, at best, a complicated and disquieting situation. CISOs must be specific and technical, but not too specific nor technical. They must be honest and comprehensive,…
The future of SIEM is cloudy, literally and figuratively, as companies strive to keep up with potentially billions of events. It has become an industry cliché to say that SIEM (security information and event management) is dead. Some SIEM vendors love those pronouncements because it drives wavering customers to make purchases before their SIEM systems…
Man vs machine: The future of AI Fear of successful cyberattacks meets fear of unintended consequences when machine learning is your first line of defense. Evan Schuman reports. Fear can be a great motivator. If you are afraid that a human cannot make a decision fast enough to stop a cyberattack, you might opt for…
The long-acknowledged core problem with threat intelligence today is the software equivalent of a Yin and Yang situation. The algorithms are smart enough to catch a massive number of log anomalies, detecting any pattern deviation that might indicate an attack attempt. That said, they are not yet smart enough to identify accurately the real threats…
The future of SIEM is cloudy, literally and figuratively, as companies strive to keep up with potentially billions of events. It has become an industry cliché to say that SIEM (security information and event management) is dead. Some SIEM vendors love those pronouncements because it drives wavering customers to make purchases before their SIEM systems…
