Evan Schuman SC Media

Most recent articles by Evan Schuman

Rethinking cyber risk

Everyone agrees that risk is essential. They just have different versions of what risk is, Evan Schuman reports. It’s time to rethink risk – both how to operationalize it and how to define it. With all the incompatible views of risk from different stakeholders through an enterprise, it’s hardly surprising that so many organizations struggle…

Where enterprise CISOs go wrong

The best laid plans are often fraught with mistakes – some big, some more nuanced. Evan Schuman looks at where CISOs can fall short. Enterprise security today, at least at the $4 billion annual revenue level and up, is in a precarious place. Despite GDPR and best security practices insisting on having complete global datamaps,…

Compliance: Watch your step!

Avoiding the perilous pitfalls of compliance. It’s no secret that Fortune 1000 CISOs struggle with compliance, but the pitfalls that fuel the most fury aren’t typically the ones with regulators (although regulator arguments do come in a close second). No, the battle is often internal, such as fighting over jurisdiction, with the California Consumer Privacy Act…

Going down the ransomware rabbithole

Looking for insights in modern literature to address the challenges facing CISOs might seem farfetched, but there is some logic to this. Lewis Carroll’s Alice’s Adventures in Wonderland and Through the Looking Glass illustrate the challenges posed by ransomware. While this might seem contradictory on the surface, the options and twisted logic Alice faced are…

Inside-out analytics: Solving the enigmatic insider threat

At the risk of potentially alienating a high-demand workforce that potentially can jump to a new company for seemingly minor perks such as company-paid cafeterias or flex time with little oversight, CISOs today find themselves with a challenge. In order to protect their corporations against data breach from internal and external sources, CISOs have a…

CISOs vs. the board

Security chiefs need to tell the board the truth, albeit a more palatable version of the truth. For Fortune 1000 CISOs and CSOs, reporting to their boards of directors is, at best, a complicated and disquieting situation. CISOs must be specific and technical, but not too specific nor technical. They must be honest and comprehensive,…
