The Importance of Building a Security Program for IoT

We live in an age of “smart” everything, from smartphones to smart televisions. Even our alarm systems and printers are connected to the Internet, remotely accessible with just the touch of a few buttons. This added convenience creates added security risks, as Sony discovered when hackers found a way into their smart TVs in 2016....

The Key to GDPR Compliance? A Data Privacy Program

If your organization does business in Europe or works with European clients, you may be aware of the EU’s work to create a standardized set of data protection regulations. This framework, known as GDPR (General Data Protection Regulation), gives individuals greater control over their personal data as well as imposing specific rules on organizations that...

CISO Suggestions for the Equifax Breach [One-Page Facts Sheet Included]

By now, most people are somewhat familiar with the facts of the Equifax data security breach. Millions of people had their social security numbers, credit card numbers, addresses, and other personal information stolen. The aftermath has been one of anger, confusion, and a feeling of extreme anxiety – not only among consumers but among other...

What is the General Data Protection Regulation (GDPR)?

If your organization deals with the processing of personal data, maintaining the security and privacy of that data should be your organization’s top priority. The regulations governing data security and privacy are constantly changing, and organizations must be aware of these changes. These regulations and protections not only keep your organization’s data secure but are...

A Seasoned CIO Perspective | Top 10 Tips to Improve Your Information Security Program

Author: Mike Gentile with Cameron Cosgrove

As security practitioners who have built hundreds of security programs for organizations around the world, the team at CISOSHARE is able to provide a unique perspective on what it takes to design an effective information security program. For this article, we thought it would be helpful to reach outside...

10 Signs You Should Invest in an Information Security Program

The 10 Signs You Should Invest in Security

1. You aren't sure if your company's at risk.
2. Nobody's on the same page about security.
3. Information security is only considered an "IT issue."
4. You don't consider your security program in your budget.
5. Your security program is all policy and no enforcement.
6....

NIST 800-171 Compliance — Is Your Organization Prepared?

When an organization works with government agencies such as the Department of Defense (DoD), protecting sensitive information is key. A whole host of rules and regulations govern how third parties must handle such information, and failure to ensure compliance could result in loss of government contracts. Starting in December 2015, the Defense Federal Acquisition Regulation...

What You Need to Know About Ransomware

Over the past few months, the “WannaCry” and “Petya” ransomware outbreaks have both made media headlines. Both outbreaks disrupted or halted business operations of organizations across the globe. Ransomware has been a growing threat for the past few years, but it has now matured into a threat that can no longer be ignored. Most ransomware infections are...

How Does Information Security Outsourcing Benefit CISOs? | [White Paper Included]

It doesn’t matter if an organization specializes in healthcare, retail sales, or widget manufacturing: every organization needs a comprehensive information security program in order to secure its information from theft, loss, breaches, and other threats. Unfortunately, because of the limited number of available dedicated resources with the requisite skills to build a security program, coupled...

Information Security Architecture Program Explained

An information security architecture program is associated with the management and effectiveness of the suite of preventive and detective safeguards within an environment. The goal of an information security architecture program is to ensure that the implemented security technologies work together to meet organizational goals. This includes understanding the assets and associated data that live...