Survey | Do you Have a Security Program and How do you measure it?

We’d love to get your feedback! Take this 3 min survey. The goal is to understand how organizations are measuring their security program today and how they want to measure it moving forward. The CISOSHARE team needs your support to find new ways to serve and educate our clients. We will provide the results of...

HIPAA Compliance — Best Practices for Healthcare

A CISO’s most valuable tool, apart from their team, is their security program. These procedures govern an organization’s processes in order to protect its information, as well as computer systems, and assets. Potential threats are always looming, and the possibility of a breach by a hacker, theft of information, or system crash is always at...

CISO Top Roles and Responsibilities [Checklist included]

Many people mistakenly think a CISO (Chief Information Security Officer) is simply the head of technical security operations – sort of an IT manager – and that’s the extent of their role. The truth is that while CISOs must be tech-savvy, their responsibilities demand much more. They must be excellent communicators and leaders, as well...

CISO Best Practices to Communicate and Make Informed Decisions

As the lead protector of information security within an organization, a chief information security officer (CISO) must understand the risks that exist, as well as be able to clearly communicate those risks and possible solutions to the organization’s leadership. In addition to this, they have to be able to make informed decisions about what risks...

Which Security Assessment Frameworks Are Best For Your Organization?

SOC vs ISO vs HITRUST CSF — Which to use? An information security framework organizes the requirements that your security program will be built on and measured against, so choosing the right framework is important. Many times, organizations choose their frameworks based on what a client, partner, or external assessor suggests. This is a big...

Top 5 Tips to Keep in Mind When Implementing a New Security Policy

Any time you implement a new security policy into an environment, you’re implementing change. Change can have positive effects, but there are often very specific considerations when producing a new security policy that can make the difference between a policy that meets business needs and one that doesn’t. Top 5 Tips to Implementing New Security Policy Tip...

RSA Recognizing Security Program Development

Thank you, RSA! It started in 2014 when a Security Strategy track was added to the agenda, one that was defined as covering security program development issues. This year, it’s actually going to the next level, with multiple sessions that talk about security program development. This counts as a...

A Quick Overview of a Security Program and its Components

A security program is the system of policies and processes for protecting the confidentiality, integrity, and availability of information within a business. If you were to walk into an organization and ask “Who is in charge of your information security program?” you would most likely get this answer: It’s with the group charged with managing...

Top 3 Components of a Healthy Security Program

There are a lot of moving parts to a security program, and trying to keep track of what’s important and what isn’t can quickly become overwhelming. Although there are lots of things to consider when you’re building, retrofitting, or managing an existing security program, there are three main components to any healthy information security program:...

A List of Information Security Program Documentation

Information security program documentation is important to ensuring that the program is adhered to throughout an organization. This documentation can serve as a means of establishing a benchmark for the security program so that your organization can see the impact of any change and progress. The documentation should also provide enough information to help employees...