Enterprise CISOs are used to worrying about corporate data leaks via typical mobile, remote locations, IoT and Shadow IT. But what about the vehicles used by so many people who have access to the systems and data you are paid to protect? Although those vehicles technically fall into many of those categories (mobile, remote and…
Everyone agrees that risk is essential. They just have different versions of what risk is, Evan Schuman reports. It’s time to rethink risk – both how to operationalize it and how to define it. With all the incompatible views of risk from different stakeholders through an enterprise, it’s hardly surprising that so many organizations struggle…
When wrestling with compliance requirements, CISOs often feel like they are a performer in the middle of a three-ring circus, rapidly trying to juggle sharp knives. No matter how fast or perfectly they juggle, there is an assistant, or in this case regulator, behind the curtain constantly throwing out more and more knives, each one…
The best laid plans are often fraught with mistakes – some big, some more nuanced. Evan Schuman looks at where CISOs can fall short. Enterprise security today, at least at the $4 billion annual revenue level and up, is in a precarious place. Despite GDPR and best security practices insisting on having complete global datamaps,…
Avoiding the perilous pitfalls of compliance
It’s no secret that Fortune 1000 CISOs struggle with compliance, but the pitfalls that fuel the most fury aren’t typically the ones with regulators (although regulator arguments do come in a close second). No, the battle is often internal, such as fighting over jurisdiction, with the California Consumer Privacy Act…
Looking for insights in modern literature to address the challenges facing CISOs might seem farfetched, but there is some logic to this. Lewis Carroll’s Alice’s Adventures in Wonderland and Through the Looking Glass illustrates the challenges posed by ransomware. While this might seem contradictory on the surface, the options and twisted logic Alice faced are…
At the risk of potentially alienating a high-demand workforce that potentially can jump to a new company for seemingly minor perks such as company-paid cafeterias or flex time with little oversight, CISOs today find themselves with a challenge. In order to protect their corporations against data breach from internal and external sources, CISOs have a…
MDM strategies: An embarrassment of niches
It is Christmas Day at 2 a.m. and a new mobile device just connected to your network. Your servers are configured to send a text message to alert you when new devices connect, so you immediately know that something has happened. But you have no policy that requires that…
Security chiefs need to tell the board the truth, albeit a more palatable version of the truth. For Fortune 1000 CISOs and CSOs, reporting to their boards of directors is, at best, a complicated and disquieting situation. CISOs must be specific and technical, but not too specific nor technical. They must be honest and comprehensive,…
The future of SIEM is cloudy, literally and figuratively, as companies strive to keep up with potentially billions of events. It has become an industry cliché to say that SIEM (security information and event management) is dead. Some SIEM vendors love those pronouncements because it drives wavering customers to make purchases before their SIEM systems…