Current Topics and Information

Focused on the ever-changing information security landscape



How Do You Measure Third-Party Risk?

How often do thieves use the front door to commit a robbery? I don’t know from experience, but I’ve been told that most go through a window or back door. Third parties can be the back door of a company, and increasingly the source of security failures, financial difficulties, and other problems that disrupt business [...]

Managing Third-Party Risk

Today, most organizations are outsourcing critical business operations to third parties. While internal business activities present a level of risk, third-party relationships can significantly increase the level of risk an organization is facing. The quantity, cost and difficulty of performing due diligence on third parties makes managing third-party risk especially challenging. Earlier today we published [...]

Why Shift Information Risk Management Out of IT?

In my previous blog posts, I discussed how the role of the CISO is changing due to the additional responsibilities that come with managing the risk of information regardless of where it resides, and the shift in security strategies. It is important to understand this background information as it frames the discussion for moving the [...]

The Evolution of Security Strategies

In my last blog post, I discussed how the role of the Chief Information Security Officer (CISO) has evolved into the Chief Information Risk Officer (CIRO), and the growing list of responsibilities associated with this evolution. This shift raises questions on how to structure reporting relationships that support open communication and collaboration between the CIRO [...]

The Hard Cold Truth – Somebody Else’s Breach Could Become Your Problem

Did you read yesterday’s article in The New York Times about eBay’s breach? The piece stated that “Security experts warned that stolen information would make eBay customers easy targets for phishing attacks…” And then this morning, Businessweek reported that eBay assured users and stockholders that hackers gained no credit card numbers or other financial information. [...]

Using Fusion Centers to Improve Situational Awareness

I have been having many discussions lately around the concept of threat intelligence fusion centers. If you haven’t heard of a fusion center, it is an idea originally created by the government to promote information sharing between federal agencies, the military, and state and local governments. According to the National Fusion Center Association, the goals [...]

The Evolution of the CISO to CIRO

Over the past five years the role of the Chief Information Security Officer (CISO) has changed dramatically, and will probably go through an even more dramatic change during the next five. The CISO typically had a technical role, coming up through the ranks with an IT background, and then moved into security. Their main job function [...]

Host-Based Antivirus Near Its End

I read an article the other day in which Symantec's information security chief declared traditional antivirus "dead" and "doomed to failure." With recent stories like this in the news, it is apparent that an organization’s security strategy has to include more than just host-based antivirus. Antivirus has been seen as a checkbox item organizations [...]