Moving Security Programs Forward
Governance, risk, and compliance, commonly referred to as GRC, has been a component of legacy security dogma and cyber security programs for years. It was created during a time (near the early 2000’s, depending on who you ask) when any definition of a security program was considered valid. Because of this, it persists in cyber...
There is a lot of talk about a cyber security resource shortage in our discipline. I get this may seem like the case, and maybe it even is, however what I don’t understand is if the time of our cyber security resources is so valuable then why are all of us wasting so darn much...
Cyber Security Tips for CFOs As organizations continue to prioritize security, CFOs are getting more involved with information security spend and even certain cyber security reporting frameworks. Here are our top tips for CFOs as they become more involved in different areas of cyber security: Sales Process and Customer Requests – Account for security planning...
Why CFOs Need to Start Paying Attention to Security The current cyber security landscape is bringing itself to the forefront of company priorities, especially CFOs. The reason for this can be attributed to the coming trends in security, especially in the way that the current state of security and the coming changes impact the bottom...
Developing Progress-Based Security Programs to Meet Company Goals We’ve discussed why a strict compliance-based approach to security doesn’t work, but these frameworks make a good starting point for progress-based approach to security. So, what does that mean? A progress-based approach to security focuses on the ability to make good decisions, as well as the ability...
Progress-based security program development focuses on the ability to make good decisions while being able to implement those decisions in the shortest possible time frame. Unfortunately, most organizations aren’t taking a progress-based approach to security. Instead, most are strictly complying with different best practice frameworks such as ISO 27001 or NIST 800-53, suggestions from certification...
In our last article, we discussed what’s happened in 2018 that will carry over into 2019. Everyone who interacts with information security in 2019 will be facing tough decisions in the coming year. They will be forced to look in the mirror and ask what kinds of security programs they want to run. This means...
What Happened in Information Security in 2018? Different trends in information security throughout 2018 have set the stage for 2019, which is the year that we’ll all have to look in the mirror and think about where our moral boundaries lie in security. Before we dive into the upcoming information security trends in 2019, we...
Security program trends tend to move in a cycle. I sit in meetings today and hear people asking the same questions they asked back when I started in the cyber security space, only this time there are slightly different answers and solutions. I’ve highlighted some of the security program trends that I’ve seen previously to map...
When a cyber security incident happens, time is of the essence. This is why organizations need to design a plan of action in advance. Simply building a plan isn’t enough, however; every member of your team needs to know what steps to take first. This is why tabletop exercises are an essential part of every...