Survey | Do you Have a Security Program and How do you measure it?

How do you measure your security program? We’d love to get your feedback! Take this 3 min survey. The goal is to understand how organizations are measuring their security program today and how they want to measure it moving forward. The CISOSHARE team needs your support to find new ways to serve and educate our...

The Healthcare CISO’s Best Practice to HIPAA Compliance [HIPAA Best Practices Download Included]

HIPAA Compliance Best Practice for Healthcare A CISO’s most valuable tool, apart from their team, is their security program. These procedures govern an organization’s processes in order to protect its information, as well as computer systems, and assets. Potential threats are always looming, and the possibility of a breach by a hacker, theft of information,...

CISO | Top Roles & Responsibilities of a Chief Information Security Officer [Checklist included]

CISO | Top Roles and Responsibilities Many people mistakenly think a CISO (Chief Information Security Officer) is simply the head of technical security operations – sort of an IT manager – and that’s the extent of their role. The truth is that while CISOs must be tech-savvy, their responsibilities demand much more. They must be...

CISOs | Best Practices to Understand, Communicate and Make Informed Decisions

CISOs | Guide to Informed Decision Making and Moving it Forward As the lead protector of information security within an organization, a chief information security officer (CISO) must understand the risks that exist, as well as be able to clearly communicate those risks and possible solutions to the organization’s leadership. In addition to this, they...

What Security Assessment Framework Is Best For Your Organization?

How to Choose a Security Assessment Framework | SOC vs ISO vs HITRUST CSF The most important thing that should drive which framework you select is to always begin by understanding your internal business objectives for information security and then to select the framework that best supports this objective. While this is what you should...

Security Policy | Top 5 Tips for Implementing a New Security Policy

Considerations to Keep in Mind When Implementing New Security Policies Any time you implement a new security policy into an environment you are implementing change. Change can have positive effects, but there are often very specific considerations when producing a new security policy that can be the difference between a policy that meets business needs...

Security Program | Start of Security Program Development Content at RSA

RSA Conference Starting to Acknowledge Security Program Development Thank you, RSA! It started in 2014 when a Security Strategy track was added to the agenda, one that was defined as covering security program development issues. This year, it actually is going to the next level, though, as there are actually a couple sessions that...

Security Program | Overview of a Security Program and the Team that Leads it

What is a Security Program? Who Leads It? A security program is a system for protecting the confidentiality, integrity, and availability of information within a business. If you were to walk into an organization and ask “Where is the information security program?” you would most likely get this answer… It is the group within the organization that...

Security Program Components | Top 3 Components of Healthy Security Program

Top 3 Primary Components of a Healthy Security Program The Primary Security Program Components Include: 1. The structural make-up of the security program. This describes what the structure of the program will be. Will there be one security officer for the whole organization or one for each business unit? What is the scope of the...

Security Program Documentation

List of the Security Program Documentation Security Program Charter: This document will illustrate the mission and mandate of the information security program, as well as its overall strategy. It also generally has the scope of the program, documented roles and responsibilities, the risk management system that will be utilized, and the communication framework for...