Rick Holmes, assistant VP and CISO at Union Pacific Railroad, detailed at InfoSec World 2020 how the transportation giant incorporates cybersecurity risk into its larger enterprise risk management process in order to help senior executives estimate losses caused by potential cyber incidents and make better decisions on where to invest in defenses. “We think that…
At InfoSec World 2020 on Tuesday, a pair of risk officers from Party City offered an inside glimpse into how the $2.1 billion specialty retailer pulled off its first-ever top-down enterprise-wide IT risk assessment. Among the chief success factors they cited were: executive buy-in, the collaboration of skilled partners, assuring adequate resources, well-planned project scoping,…
Considering a company’s cybersecurity posture should be partof M&A due diligence, but often it isn’t. Doug Olenick explainswhy that must change. Most home buyers wouldn’t think of paying top dollar for a house, no matter how beautifully designed without considering whether it sits in a crime-ridden neighborhood. Yet, venture capitalists and corporate boards, with all…
The concept of resiliency – whether we’re talking cybersecurity strategies, job markets or individuals – is particularly resonant these days. True, the resiliency of whole nations and their citizens has been tested in the past. During the years of World War II, our great grandparents and maybe even some of our parents saw days of…
Doug Barbin, principal at Schellman and Company, discusses the challenges that security professionals face when it comes to security and privacy assessments, but also provides tips on which assessments bring in the most return on investment.
Updating your risk management program is a critical component of becoming a successful security leader. InfoSec Insider caught up with Argo AI’s CSO Summer Craze Fowler who shared her thoughts on the topic, as well as some proven tips.
Should individuals have the right to have their data removed from search engine results and providers’ systems, and what impact would that have on information security?
A security roadmap is a powerful tool for aligning security processes with business requirements and goals, and improving the general efficacy of the security program.
As a leader, you need to be able to see the forest and chart a path through it.
The security community often gets caught up in the latest and greatest tools and technologies, using those trends as a way to garner attention for the security program. But this strategy can backfire when it comes to real risk management and how seriously security is taken.
